CMMC Practice Requirement:

Route remote access via managed access control points.

CMMC Requirement Explanation:

By limiting the number of access points for remote connections you can reduce your company's attack surface.

Example CMMC Implementation:

Route all your VPN connections through a single point (e.g. your external firewall). This allows you to better monitor VPN connections. This generally applies when you have VPN connections coming in from multiple offices.


- Scenario 1:

Alice is a system administrator who manages the IT systems at her company's headquarters and two overseas offices. Each office has its own VPN setup to allow access to the resources on their networks. To better monitor VPN connections, Alice routes all VPN connections through the intrusion detection system at her company's headquarters.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance