Secure Remote Access Connection Audit Checklist

Objectives
- Determine if the organization authorizes, monitors, and controls remote access to the information system for all allowed methods of remote access to include both establishment of the remote connection and subsequent user actions across that connection.

Checklist
- Examine access control policy and procedures; security plan, information system design documentation, or other relevant documents; reviewing for (1) the list of authorized methods of remote access to include both establishment of the remote connection and subsequent user actions across that connection, and (2) the measures and their configuration settings (where applicable) to be employed to authorize, monitor, and control these implemented methods of remote access to the information system.
- Examine documentation describing the current configuration settings for an agreed-upon representative sample of the mechanisms; reviewing for evidence that the mechanisms are configured.
- Examine an agreed-upon representative sample of records associated with the remote access monitoring activities; reviewing for evidence that the remote access monitoring activities are employed as intended
- Examine the remote access control activities; observing for further evidence that the remote access control activities are employed as intended.

Objectives
- Determine if the information system employs automated mechanisms to facilitate the monitoring and control of remote access methods.

Checklist
- Examine security plan, information system design documentation, or other relevant documents; reviewing for the automated mechanisms and their configuration settings to be employed to facilitate the monitoring and control of remote access methods.
- Examine documentation describing the current configuration settings for an agreed-upon representative sample of the mechanisms; reviewing for evidence that the mechanisms are configured.
- Test an agreed-upon representative sample of automated mechanisms; conducting generalized testing for evidence that the mechanisms operate as intended.