The organization:
(a) Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [Assignment: organization-defined needs]; and
(b) Documents the rationale for such access in the security plan for the information system.
a. Not appropriate for DoD to define for all CSP's infrastructure or service offerings
Source:
DoD RMF TAG