Access Control (AC)
Provide authorized individuals (or processes acting on behalf of individuals) the capability to define or change the value of associated security and privacy attributes.
Access Control (AC)
Maintain the association and integrity of [Assignment: organization-defined security and privacy attributes] to [Assignment: organization-defined subjects and objects].
Access Control (AC)
Provide the capability to associate [Assignment: organization-defined security and privacy attributes] with [Assignment: organization-defined subjects and objects] by authorized individuals (or processes acting on behalf of individuals).
Access Control (AC)
Display security and privacy attributes in human-readable form on each object that the system transmits to output devices to identify [Assignment: organization-defined special dissemination, handling, or distribution instructions] using [Assignment: organization-defined human-readable, standard naming conventions].
Access Control (AC)
Require personnel to associate and maintain the association of [Assignment: organization-defined security and privacy attributes] with [Assignment: organization-defined subjects and objects] in accordance with [Assignment: organization-defined security and privacy policies].
Access Control (AC)
Provide a consistent interpretation of security and privacy attributes transmitted between distributed system components.
Access Control (AC)
Implement [Assignment: organization-defined techniques and technologies] in associating security and privacy attributes to information.
Access Control (AC)
Change security and privacy attributes associated with information only via regrading mechanisms validated using [Assignment: organization-defined techniques or procedures].
Access Control (AC)
Provide authorized individuals the capability to define or change the type and value of security and privacy attributes available for association with subjects and objects.
Access Control (AC)
Level N/A
a. Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and b. Authorize each type of remote access to the system prior to allowing such connections.
