Privacy-compliant remote access is the design, implementation, and governance of systems that allow authorized users to connect to organizational networks, applications, and data from outside the physical perimeter — while ensuring that the access itself does not create unauthorized data collection, surveillance, or privacy violations. It sits at the intersection of security architecture (controlling who can connect) and privacy architecture (controlling what personal data is generated, retained, and used as a result of that connection). Remote access infrastructure includes VPNs, Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), privileged access management (PAM) systems, and API service accounts.
Where it stops · what it isn't
- INCLUDES: VPN, ZTNA, SASE, PAM, MFA systems, endpoint compliance checks, session recording, audit logging, and remote wipe capabilities as privacy-relevant infrastructure components
- INCLUDES: The personal data generated by remote access — IP addresses, connection timestamps, device identifiers, location data, and behavioral metadata — which are subject to GDPR, CCPA, and other privacy regulations
- INCLUDES: Third-party and contractor remote access, API-based access by service accounts, and non-human identities (RPA bots, CI/CD pipelines) that create audit and privacy visibility gaps
- EXCLUDES: Physical access control systems (badge readers, secure rooms) even though they share identity management principles — those fall under physical security architecture
- EXCLUDES: Internal network segmentation and zero-trust controls applied entirely within a physical premises — this cubelet focuses on the external-to-internal access boundary
- DOES NOT EQUAL 'cybersecurity': Privacy-compliant remote access adds data minimization, purpose limitation, and retention controls on top of — not instead of — security controls like MFA and encryption
- DOES NOT EQUAL VPN: VPN is one legacy mechanism; modern privacy-compliant remote access often replaces or supplements VPN with SASE or ZTNA architectures
Connected concepts in the graph
Every cubelet sits in a knowledge graph. Here's what this one connects to.
- PART OF: Privacy Architecture — Infrastructure (ISACA CDPSE Domain 2)
- REQUIRES: Identity and Access Management (IAM); Encryption in Transit and at Rest; Privacy Impact Assessment (PIA)
- ENABLES: Zero Trust Architecture (ZTA) Implementation; Regulatory Compliance (GDPR Article 32, CCPA, NIS2, PCI DSS 4.0)
- RELATED TO: Endpoint Security and Device Management; Audit Logging and Monitoring
- CONSTRAINS: Shadow IT and Unauthorized SaaS Access