Route remote access via managed access control points.

This control is really just a breakout of what you need to do with regard to remote access. On its own it doesn’t help you much; you need to combine it with your encryption, monitoring, control of your VPN and your wireless. You also need to make sure that remote access to your network flows through devices you have purchased or own, and that those devices follow the standards required of them, like being FIPS compatible, able to end sessions, have session timeouts, etc.

You need to make sure that remote access sessions flow over these controlled and compliant devices. Don’t let people connect to your network through a wireless access point that doesn’t support FIPS encryption and can’t shut off access on demand.

It isn’t enough to have some of these devices in your environment. If a location doesn’t have the appropriate equipment, don’t let resources there access the network that contains the CUI; move them to a location or area that does have that equipment. Routing can be physical or at a data layer.
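
One way to check this in practice is to compare remote access session records against an inventory of entry points. The script below is an added example, not part of the original post; the inventory fields, device names, session format and the "cui" zone label are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AccessPoint:
    managed: bool                        # purchased/owned and administered by you
    fips_encryption: bool                # supports FIPS encryption
    can_end_sessions: bool               # access can be shut off on demand
    session_timeout_min: Optional[int]   # None means no timeout is configured

# Constructed inventory of remote access entry points (hypothetical names).
INVENTORY = {
    "vpn-hq-01": AccessPoint(True, True, True, 30),
    "wap-branch-02": AccessPoint(True, False, False, None),
}

# Constructed session records: (user, entry point, destination zone).
SESSIONS = [
    ("alice", "vpn-hq-01", "cui"),
    ("bob", "wap-branch-02", "cui"),
    ("carol", "home-router-77", "cui"),   # device absent from the inventory
    ("dave", "wap-branch-02", "guest"),   # never reaches the CUI network
]

def gaps(ap: Optional[AccessPoint]) -> list:
    """List the reasons an entry point is not a compliant managed access point."""
    if ap is None or not ap.managed:
        return ["not in managed inventory"]
    reasons = []
    if not ap.fips_encryption:
        reasons.append("no FIPS encryption")
    if not ap.can_end_sessions:
        reasons.append("cannot end sessions on demand")
    if ap.session_timeout_min is None:
        reasons.append("no session timeout")
    return reasons

def audit(sessions, inventory, protected_zone="cui"):
    """Return (user, entry point, reasons) for sessions that reached the
    protected zone through an entry point with any gap."""
    findings = []
    for user, entry, zone in sessions:
        if zone != protected_zone:
            continue
        reasons = gaps(inventory.get(entry))
        if reasons:
            findings.append((user, entry, reasons))
    return findings

if __name__ == "__main__":
    for user, entry, reasons in audit(SESSIONS, INVENTORY):
        print(f"{user} via {entry}: {', '.join(reasons)}")
```

Sessions flagged here are the ones to move behind a compliant device or block from the CUI network.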