Access Control (AC)

Only permit the use of shared and group accounts that meet [Assignment: organization-defined conditions for establishing shared and group accounts].


Login

Access Control (AC)

[Withdrawn: Incorporated into AC-2 and AU-6.]


Login

Access Control (AC)

Enforce [Assignment: organization-defined circumstances and/or usage conditions] for [Assignment: organization-defined system accounts].


Login

Access Control (AC)

(a) Monitor system accounts for [Assignment: organization-defined atypical usage]; and (b) Report atypical usage of system accounts to [Assignment: organization-defined personnel or roles].


Login

Access Control (AC)

Disable accounts of individuals within [Assignment: organization-defined time period] of discovery of [Assignment: organization-defined significant risks].


Login

Access Control (AC)

Level N/A

Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.


Login

Access Control (AC)

[Withdrawn: Incorporated into AC-14.]


Login

Access Control (AC)

Enforce dual authorization for [Assignment: organization-defined privileged commands and/or other organization-defined actions].


Login

Access Control (AC)

Enforce [Assignment: organization-defined mandatory access control policy] over the set of covered subjects and objects specified in the policy, and where the policy: (a) Is uniformly enforced across the covered subjects and objects within the system; (b) Specifies that a subject that has been granted access to information is constrained from doing any of the following; (1) Passing the information to unauthorized subjects or objects; (2) Granting its privileges to other subjects; (3) Changing one or more security attributes (specified by the policy) on subjects, objects, the system, or system components; (4) Choosing the security attributes and attribute values (specified by the policy) to be associated with newly created or modified objects; and (5) Changing the rules governing access control; and (c) Specifies that [Assignment: organization-defined subjects] may explicitly be granted [Assignment: organization-defined privileges] such that they are not limited by any defined subset (or all) of the above constraints.


Login

Access Control (AC)

Enforce [Assignment: organization-defined discretionary access control policy] over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information can do one or more of the following: (a) Pass the information to any other subjects or objects; (b) Grant its privileges to other subjects; (c) Change security attributes on subjects, objects, the system, or the system’s components; (d) Choose the security attributes to be associated with newly created or revised objects; or (e) Change the rules governing access control.


Login