NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-3(9) — Authenticate Remote Commands
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
Authenticate remote commands before executing them to prevent attackers from sending unauthorized instructions to your systems.
Example 1: Configure Windows Remote Management (WinRM) to require Kerberos authentication. Remote PowerShell sessions must authenticate with valid domain credentials before any commands are accepted. Do not allow basic authentication or unencrypted connections.
Example 2: For SSH access to Linux servers, disable password authentication and require SSH key-based authentication with a passphrase. This ensures only users with the correct private key can issue remote commands.
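A check for Example 2, added here as an illustration and not part of the original control text: it reads the global section of an sshd_config file and reports whether password logins are actually off. It goes one step beyond the note by also checking keyboard-interactive authentication, which OpenSSH enables by default and which can still prompt for a password through PAM. The function names and the sample configs are constructed for this example.

```shell
#!/bin/sh
# Audit the global section of an sshd_config file for the settings in Example 2.
# Limits: Include files and Match blocks are not evaluated; on a live host,
# `sshd -T` prints the configuration sshd actually resolves.

# effective_value FILE KEYWORD_REGEX DEFAULT
# sshd keywords are case-insensitive and the first occurrence of a keyword wins.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                                  # comment line
        tolower($1) == "match" { exit }                      # global section ends
        tolower($1) ~ ("^(" key ")$") { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# check_setting FILE LABEL KEYWORD_REGEX DEFAULT REQUIRED
check_setting() {
    got=$(effective_value "$1" "$3" "$4")
    if [ "$got" = "$5" ]; then
        echo "PASS $2 = $got"
    else
        echo "FAIL $2 = $got (required: $5)"
        return 1
    fi
}

# Returns 0 only when key-based login is the sole interactive method left on.
audit_sshd_config() {
    rc=0
    check_setting "$1" PasswordAuthentication passwordauthentication yes no || rc=1
    check_setting "$1" PubkeyAuthentication pubkeyauthentication yes yes || rc=1
    # ChallengeResponseAuthentication is the deprecated alias of this keyword.
    check_setting "$1" KbdInteractiveAuthentication \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes no || rc=1
    return $rc
}

# Constructed sample configs (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication no' \
    '#KbdInteractiveAuthentication no' > "$demo_dir/weak"
printf '%s\n' 'passwordauthentication no' 'PubkeyAuthentication yes' \
    'ChallengeResponseAuthentication no' > "$demo_dir/hardened"
for f in weak hardened; do
    echo "== $f"
    audit_sshd_config "$demo_dir/$f" || echo "-> not compliant"
done
```

The "weak" sample fails even though it sets PasswordAuthentication no, because the keyboard-interactive line is commented out and the default applies.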