CMMC Level 2

Control 3.1.13

Employ Cryptographic Mechanisms for Remote Access

CMMC-RP Certified Team | 24+ Years Experience | 2,500+ Clients Served

Official Requirement

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

What This Means in Plain English

All remote connections must be encrypted. Whether someone is using a VPN, remote desktop, or a web application, the data in transit must be protected so that no one can eavesdrop on the session.

How Petronella Implements This Control

Petronella Technology Group implements this control through:

  • FortiGate VPN using IPsec and SSL/TLS with FIPS 140-2 validated cryptographic modules
  • TLS 1.2+ enforced on all web applications and cloud services
  • Remote Desktop Protocol (RDP) sessions restricted to Network Level Authentication with TLS encryption
  • SSH connections using strong cipher suites (AES-256) for Linux server management
  • Microsoft 365 requiring encrypted connections for all Exchange Online and SharePoint access

Assessment Guidance

Assessors will test that all remote access sessions use approved encryption, verify VPN cipher suite configurations, check TLS versions on web portals, and confirm that unencrypted remote access methods are disabled.

Common Implementation Gaps

  • VPN configured with weak or deprecated encryption (DES, RC4)
  • TLS 1.0/1.1 still enabled on web servers
  • RDP without Network Level Authentication or TLS
  • Telnet or unencrypted protocols still in use
  • Self-signed certificates without proper validation
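
The five gaps above can be checked mechanically once remote access endpoints are inventoried. The following is an added example, not code from the original page or from Petronella; the record fields (service, tls_versions, ciphers, nla, self_signed, validated) and the sample inventory are assumptions constructed for illustration.

```python
import re

# Constructed inventory (not from the page): one record per remote access
# endpoint, as gathered from scan output and configuration review.
SAMPLE_INVENTORY = [
    {"name": "vpn-gw", "service": "ipsec-vpn", "ciphers": ["AES256-SHA256"]},
    {"name": "legacy-vpn", "service": "ssl-vpn", "tls_versions": ["TLSv1.2"],
     "ciphers": ["TLS_RSA_WITH_RC4_128_SHA"]},
    {"name": "portal", "service": "https", "tls_versions": ["TLSv1.0", "TLSv1.2"],
     "ciphers": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"], "self_signed": True},
    {"name": "jump-rdp", "service": "rdp", "nla": False, "tls_versions": ["TLSv1.2"]},
    {"name": "old-switch", "service": "telnet"},
    {"name": "linux-admin", "service": "ssh", "ciphers": ["aes256-gcm@openssh.com"]},
]

WEAK_CIPHER = re.compile(r"DES|RC4", re.IGNORECASE)  # also matches 3DES names
OLD_TLS = {"TLSv1.0", "TLSv1.1"}
# The page names Telnet; ftp and http are assumed further examples.
PLAINTEXT_SERVICES = {"telnet", "ftp", "http"}

def audit_endpoint(ep):
    """Return the implementation gaps found for one endpoint record."""
    svc = ep["service"].lower()
    if svc in PLAINTEXT_SERVICES:
        return ["unencrypted protocol in use"]  # nothing else to evaluate
    gaps = []
    weak = [c for c in ep.get("ciphers", []) if WEAK_CIPHER.search(c)]
    if weak:
        gaps.append("weak cipher offered: " + ", ".join(weak))
    old = sorted(OLD_TLS.intersection(ep.get("tls_versions", [])))
    if old:
        gaps.append("deprecated TLS enabled: " + ", ".join(old))
    if svc == "rdp" and not (ep.get("nla") and ep.get("tls_versions")):
        gaps.append("RDP without NLA or TLS")
    # "validated" (hypothetical field): clients verify the cert against a trusted copy.
    if ep.get("self_signed") and not ep.get("validated"):
        gaps.append("self-signed certificate without validation")
    return gaps

def audit(inventory):
    """Map endpoint name -> gaps, listing only endpoints that have any."""
    report = {}
    for ep in inventory:
        gaps = audit_endpoint(ep)
        if gaps:
            report[ep["name"]] = gaps
    return report

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_INVENTORY).items():
        print(name, "->", "; ".join(gaps))
```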

Cross-Framework Mapping

Framework | Mapped Controls
NIST SP 800-53 | AC-17(2)
HIPAA | 164.312(e)(1) - Transmission Security
PCI DSS | Req 4.1 - Use strong cryptography and security protocols
