Access Control (AC)
Implement [Assignment: organization-defined techniques and technologies] in associating security and privacy attributes to information.
Access Control (AC)
Change security and privacy attributes associated with information only via regrading mechanisms validated using [Assignment: organization-defined techniques or procedures].
Access Control (AC)
Provide authorized individuals the capability to define or change the type and value of security and privacy attributes available for association with subjects and objects.
Access Control (AC)
Level N/A
a. Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and b. Authorize each type of remote access to the system prior to allowing such connections.
Access Control (AC)
Level N/A
Employ automated mechanisms to monitor and control remote access methods.
Access Control (AC)
Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.
Access Control (AC)
Route remote accesses through authorized and managed network access control points.
Access Control (AC)
(a) Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: [Assignment: organization-defined needs]; and (b) Document the rationale for remote access in the security plan for the system.
Access Control (AC)
Level N/A
[Withdrawn: Incorporated into MP-7.]
Access Control (AC)
Protect information about remote access mechanisms from unauthorized use and disclosure.
