NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-14(3) Remote Viewing and Listening

Provide and implement the capability for authorized users to remotely view and hear content related to an established user session in real time.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

None.

Practitioner Notes

Enable remote viewing and listening of session activity in real time. For high-risk sessions, a security analyst should be able to watch what is happening live.

Example 1: Use CyberArk PSM's live monitoring feature to watch privileged sessions in real time. A SOC analyst can observe an admin's RDP session as it happens and terminate the session immediately if suspicious activity is detected.

Example 2: Configure Windows Remote Desktop shadowing so that a security admin can shadow an active RDP session. Use the command mstsc /shadow:1 /v:servername /control to view and control the session in real time, where 1 is the ID of the session to shadow; omit /control for view-only access. Document when and why session shadowing is used and notify users per your monitoring policy.
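
One way to carry out Example 2 with the documentation step built in, as an added PowerShell example that is not part of the original page: a wrapper that confirms the target session is active, records who shadowed which session and why, and only then runs mstsc. The function name Start-AuditedShadow, the log path and the record fields are hypothetical, and the parser assumes English-locale quser output.

```powershell
# Added example. Function name, log path and record fields are hypothetical.
function Start-AuditedShadow {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$SessionId,
        [Parameter(Mandatory)][ValidateLength(10, 500)][string]$Reason,
        [switch]$Control,                                    # default is view-only
        [string]$AuditLog = 'C:\SecOps\shadow-audit.jsonl',  # hypothetical path
        [string[]]$SessionList                               # quser output, injectable for dry runs
    )
    if (-not $SessionList) { $SessionList = quser /server:$Server 2>$null }
    # quser columns: USERNAME [SESSIONNAME] ID STATE ...; SESSIONNAME is blank when disconnected.
    $pattern = '^[\s>]?(?<user>\S+)\s+(?:\S+\s+)?(?<id>\d+)\s+(?<state>Active|Disc)\b'
    $target = foreach ($line in $SessionList) {
        if ($line -match $pattern -and [int]$Matches.id -eq $SessionId) {
            [pscustomobject]@{ User = $Matches.user; State = $Matches.state }
        }
    }
    if (-not $target) { throw "Session $SessionId not found on $Server." }
    if ($target.State -ne 'Active') { throw "Session $SessionId is not active." }

    $mode = if ($Control) { 'control' } else { 'view' }
    $record = [ordered]@{
        timeUtc = (Get-Date).ToUniversalTime().ToString('o')
        analyst = "$env:USERDOMAIN\$env:USERNAME"
        server  = $Server; sessionId = $SessionId; user = $target.User
        mode    = $mode;   reason    = $Reason
    }
    # /noConsentPrompt is deliberately not passed: the user is asked before shadowing starts.
    $mstscArgs = @("/shadow:$SessionId", "/v:$Server")
    if ($Control) { $mstscArgs += '/control' }

    if ($PSCmdlet.ShouldProcess("$Server session $SessionId", "Shadow ($mode)")) {
        # Log first, so the "when and why" exists even if the viewer fails to open.
        Add-Content -Path $AuditLog -Value ($record | ConvertTo-Json -Compress)
        Start-Process -FilePath 'mstsc.exe' -ArgumentList $mstscArgs
    }
    [pscustomobject]$record
}

# Dry run against constructed quser output: nothing is logged or launched.
$sample = @(
    ' USERNAME   SESSIONNAME   ID  STATE   IDLE TIME  LOGON TIME'
    ' alice      rdp-tcp#0      2  Active          .  (constructed)'
    ' bob                       3  Disc         1:05  (constructed)'
)
Start-AuditedShadow -Server 'servername' -SessionId 2 -SessionList $sample -Reason 'Privileged change review' -WhatIf
```

Requesting session 3 from the sample fails with "not active", since a disconnected session has nothing to watch in real time.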