FedRAMP Controls / AC
AC-17(3) Managed Access Control Points
Family AC
Baselines moderate
Mapped KSIs 5
Control statement
Route remote accesses through authorized and managed network access control points.
Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-CNA-01 | Restrict Network Traffic _Persistently_ ensure all _machine-based_ _information resources_ are configured to limit inbound and outbound network traffic. | Cloud Native Architecture |
| KSI-CNA-02 | Attack Surface _Persistently_ ensure _machine-based_ _information resources_ have a minimal attack surface and that lateral movement is minimized if compromised. | Cloud Native Architecture |
| KSI-CNA-03 | Enforce Traffic Flow Use logical networking and related capabilities to enforce traffic flow controls. | Cloud Native Architecture |
| KSI-CNA-07 | Best Practices _Persistently_ ensure cloud-native _machine-based_ _information resources_ are implemented based on the host provider's best practices and documented guidance. | Cloud Native Architecture |
| KSI-IAM-05 | Least Privilege _Persistently_ ensure that identity and access management employs measures to ensure each user or device can only access the resources they need. | Identity and Access Management |