Reference: CMMC 2.0
Level Introduced: 2
Title: Remote Access Confidentiality
Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
A remote access session involves logging in to the organization's network from a remote location such as home or an alternate work site. This remote access session must be secured using FIPS-validated cryptography to provide confidentiality and prevent anyone from capturing session information exchanges.
As the IT administrator for your organization, you are responsible for implementing a remote network access capability for users who work offsite. To provide session confidentiality, you decide to establish a TLS-based Virtual Private Network mechanism. You choose a product that has completed FIPS validation. You require user authentication rather than mutual authentication, but you also set up two-factor authentication based on a token passcode and a user PIN before the VPN is established.