STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-17 (9) — Remote Access

CCI-002322

Definition

Provide the capability to disconnect or disable remote access to the system within the organization-defined time period.

Parent Control

AC-17 (9)Remote AccessAccess Control

Linked STIG Checks (30)

V-274027CAT IIAmazon Linux 2023 must have the firewalld package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274028CAT IIAmazon Linux 2023 must have the firewalld service active.Amazon Linux 2023 Security Technical Implementation Guide V-268078CAT IINixOS must enable the built-in firewall.Anduril NixOS Security Technical Implementation Guide V-214260CAT IIThe Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214344CAT IIThe Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-222981CAT IILockOutRealms failureCount attribute must be set to 5 failed logins for admin users.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222982CAT IIILockOutRealms lockOutTime attribute must be set to 600 seconds (10 minutes) for admin users.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-204979CAT IIThe ALG providing intermediary services for remote access communications traffic must provide the capability to immediately disconnect or disable remote access to the information system.Application Layer Gateway Security Requirements Guide V-204783CAT IIThe application server must provide the capability to immediately disconnect or disable remote access to the management interface.Application Server Security Requirements Guide V-269358CAT IIAlmaLinux OS 9 must have the firewalld package installed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-203687CAT IIThe operating system must provide the capability to immediately disconnect or disable remote access to the operating system.General Purpose Operating System Security Requirements Guide V-213538CAT IINetwork access to HTTP management must be disabled on domain-enabled application servers not designated as the domain controller.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-218813CAT IIThe IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications.Microsoft IIS 10.0 Server Security Technical Implementation Guide V-218764CAT IIThe IIS 10.0 website must provide the capability to immediately disconnect or disable remote access to the hosted applications.Microsoft IIS 10.0 Site Security Technical Implementation Guide V-221301CAT IIOHS must provide the capability to immediately disconnect or disable remote access to the hosted applications.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-248865CAT IIA firewall must be able to protect against or limit the effects of denial-of-service (DoS) attacks by ensuring OL 8 can implement rate-limiting measures on impacted network interfaces.Oracle Linux 8 Security Technical Implementation Guide V-271469CAT IIOL 9 must have the firewalld package installed.Oracle Linux 9 Security Technical Implementation Guide V-228855CAT IIThe Palo Alto Networks security, if used as a TLS gateway/decryption point or VPN concentrator, must provide the capability to immediately disconnect or disable remote access to the information system.Palo Alto Networks ALG Security Technical Implementation Guide V-280955CAT IIRHEL 10 must have the "firewalld" package installed.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-257935CAT IIRHEL 9 must have the firewalld package installed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-261310CAT IISLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-241005CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.0 Security Technical Implementation Guide V-234066CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.3 Security Technical Implementation Guide V-282485CAT IITOSS 5 must have the firewalld package installed.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282549CAT IITOSS 5 must securely compare internal information system clocks at least every 24 hours.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-256400CAT IIThe ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-258754CAT IIThe ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-207436CAT IIThe VMM must provide the capability to immediately disconnect or disable remote access to the information system.Virtual Machine Manager Security Requirements Guide V-207229CAT IIThe VPN Gateway administrator accounts or security policy must be configured to allow the system administrator to immediately disconnect or disable remote access to devices and/or users when needed.Virtual Private Network (VPN) Security Requirements Guide V-206418CAT IIThe web server must provide the capability to immediately disconnect or disable remote access to the hosted applications.Web Server Security Requirements Guide