All remote access comes in through a few controlled gateways, not scattered entry points.
What it actually means
Route remote access through a limited number of managed access control points — your VPN concentrator or secure gateway — rather than allowing direct remote connections to internal systems. This concentrates monitoring and control at a few defensible chokepoints.
Pass or fail — an assessor needs a "yes" to each
- Does remote access enter through a small number of managed gateways?
- Are direct remote connections to internal systems blocked?
What to have ready
- Network architecture showing managed remote-access points
- Firewall rules blocking direct remote access
Where teams trip up
- RDP exposed directly to the internet on multiple hosts
- No central remote-access gateway
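One way to test both assessor questions against a firewall rule export, as an added example that is not part of the original page: it evaluates an ordered rule list with first-match semantics and reports every non-gateway host that accepts remote-access traffic from an external source. The rule format, all addresses, and the inclusion of SSH alongside RDP are assumptions made for the example.

```python
import ipaddress

# All values below are constructed sample data (documentation and private ranges).
GATEWAYS = {"198.51.100.10"}             # managed access control point (VPN concentrator)
REMOTE_PORTS = {3389: "RDP", 22: "SSH"}  # assumption: protocols treated as remote access
HOSTS = ["198.51.100.10", "10.0.1.20", "10.0.1.21", "10.0.1.22", "10.0.2.5"]
EXTERNAL_PROBE = "192.0.2.50"            # stands in for any internet source

# Ordered rules (action, source, destination after NAT, port); first match wins.
RULES = [
    ("allow", "0.0.0.0/0",    "198.51.100.10/32", 443),   # gateway listener
    ("allow", "10.99.0.0/24", "10.0.0.0/8",       3389),  # VPN client pool to internal RDP
    ("allow", "0.0.0.0/0",    "10.0.1.20/32",     3389),  # direct RDP from anywhere
    ("deny",  "0.0.0.0/0",    "10.0.1.21/32",     3389),  # explicit block for one host
    ("allow", "0.0.0.0/0",    "10.0.1.0/24",      3389),  # broad rule exposing the subnet
    ("allow", "0.0.0.0/0",    "10.0.2.5/32",      22),    # direct SSH from anywhere
]

def first_match(src, dst, port):
    """Return the action of the first rule matching the flow; implicit deny otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in RULES:
        if (rule_port == port
                and s in ipaddress.ip_network(rule_src)
                and d in ipaddress.ip_network(rule_dst)):
            return action
    return "deny"

def direct_exposures(hosts=HOSTS):
    """List (host, port, protocol) reachable from outside without passing a gateway."""
    findings = []
    for host in hosts:
        if host in GATEWAYS:
            continue  # gateways are the intended entry points
        for port, name in REMOTE_PORTS.items():
            if first_match(EXTERNAL_PROBE, host, port) == "allow":
                findings.append((host, port, name))
    return findings

if __name__ == "__main__":
    for host, port, name in direct_exposures():
        print(f"FAIL: {name}/{port} reachable directly on {host}, bypassing the gateway")
    print(f"Managed entry points defined: {len(GATEWAYS)}")
```

An empty result from `direct_exposures()` supports a "yes" to the second question; the broad subnet rule shows how a single permissive entry can expose hosts that have no rule of their own.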