family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
Develop, document, and disseminate to {{ insert: param, ac-1_prm_1 }}: {{ insert: param, ac-01_odp.03 }} access control policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate the implementation of the access control policy and the associated access controls; Designate an {{ insert: param, ac-01_odp.04 }} to manage the development, documentation, and dissemination of the access control policy and procedures; and Review and update the current access control: Policy {{ insert: param, ac-01_odp.05 }} and following {{ insert: param, ac-01_odp.06 }} ; and Procedures {{ insert: param, ac-01_odp.07 }} and following {{ insert: param, ac-01_odp.08 }}.
family AC
framework nist-800-53
Limit the number of concurrent sessions for each {{ insert: param, ac-10_odp.01 }} to {{ insert: param, ac-10_odp.02 }}.
family AC
framework nist-800-53
Prevent further access to the system by {{ insert: param, ac-11_odp.01 }} ; and Retain the device lock until the user reestablishes access using established identification and authentication procedures.
family AC
framework nist-800-53
Conceal, via the device lock, information previously visible on the display with a publicly viewable image.
family AC
framework nist-800-53
Automatically terminate a user session after {{ insert: param, ac-12_odp }}.
family AC
framework nist-800-53
Provide a logout capability for user-initiated communications sessions whenever authentication is used to gain access to {{ insert: param, ac-12.01_odp }}.
family AC
framework nist-800-53
Display an explicit logout message to users indicating the termination of authenticated communications sessions.
family AC
framework nist-800-53
Display an explicit message to users indicating that the session will end in {{ insert: param, ac-12.03_odp }}.
family AC
framework nist-800-53
family AC
framework nist-800-53
Identify {{ insert: param, ac-14_odp }} that can be performed on the system without identification or authentication consistent with organizational mission and business functions; and Document and provide supporting rationale in the security plan for the system, user actions not requiring identification or authentication.
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
Provide the means to associate {{ insert: param, ac-16_prm_1 }} with {{ insert: param, ac-16_prm_2 }} for information in storage, in process, and/or in transmission; Ensure that the attribute associations are made and retained with the information; Establish the following permitted security and privacy attributes from the attributes defined in [AC-16a](#ac-16_smt.a) for {{ insert: param, ac-16_prm_3 }}: {{ insert: param, ac-16_prm_4 }}; Determine the following permitted attribute values or ranges for each of the established attributes: {{ insert: param, ac-16_odp.09 }}; Audit changes to attributes; and Review {{ insert: param, ac-16_prm_6 }} for applicability {{ insert: param, ac-16_prm_7 }}.
family AC
framework nist-800-53
Dynamically associate security and privacy attributes with {{ insert: param, ac-16.1_prm_1 }} in accordance with the following security and privacy policies as information is created and combined: {{ insert: param, ac-16.1_prm_2 }}.
family AC
framework nist-800-53
Provide authorized individuals the capability to define or change the type and value of security and privacy attributes available for association with subjects and objects.
family AC
framework nist-800-53
Provide authorized individuals (or processes acting on behalf of individuals) the capability to define or change the value of associated security and privacy attributes.
family AC
framework nist-800-53
Maintain the association and integrity of {{ insert: param, ac-16.3_prm_1 }} to {{ insert: param, ac-16.3_prm_2 }}.
family AC
framework nist-800-53
Provide the capability to associate {{ insert: param, ac-16.4_prm_1 }} with {{ insert: param, ac-16.4_prm_2 }} by authorized individuals (or processes acting on behalf of individuals).
family AC
framework nist-800-53
Display security and privacy attributes in human-readable form on each object that the system transmits to output devices to identify {{ insert: param, ac-16.05_odp.01 }} using {{ insert: param, ac-16.05_odp.02 }}.
family AC
framework nist-800-53
Require personnel to associate and maintain the association of {{ insert: param, ac-16.6_prm_1 }} with {{ insert: param, ac-16.6_prm_2 }} in accordance with {{ insert: param, ac-16.6_prm_3 }}.
family AC
framework nist-800-53
Provide a consistent interpretation of security and privacy attributes transmitted between distributed system components.
family AC
framework nist-800-53
Implement {{ insert: param, ac-16.8_prm_1 }} in associating security and privacy attributes to information.
family AC
framework nist-800-53
Change security and privacy attributes associated with information only via regrading mechanisms validated using {{ insert: param, ac-16.9_prm_1 }}.
family AC
framework nist-800-53
Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and Authorize each type of remote access to the system prior to allowing such connections.
family AC
framework nist-800-53
Employ automated mechanisms to monitor and control remote access methods.
family AC
framework nist-800-53
Implement {{ insert: param, ac-17.10_odp.01 }} to authenticate {{ insert: param, ac-17.10_odp.02 }}.
family AC
framework nist-800-53
Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.
family AC
framework nist-800-53
Route remote accesses through authorized and managed network access control points.
family AC
framework nist-800-53
Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: {{ insert: param, ac-17.4_prm_1 }} ; and Document the rationale for remote access in the security plan for the system.
family AC
framework nist-800-53
family AC
framework nist-800-53
Protect information about remote access mechanisms from unauthorized use and disclosure.
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
Provide the capability to disconnect or disable remote access to the system within {{ insert: param, ac-17.09_odp }}.
family AC
framework nist-800-53
Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and Authorize each type of wireless access to the system prior to allowing such connections.
family AC
framework nist-800-53
Protect wireless access to the system using authentication of {{ insert: param, ac-18.01_odp }} and encryption.
family AC
framework nist-800-53
family AC
framework nist-800-53
Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment.
family AC
framework nist-800-53
Identify and explicitly authorize users allowed to independently configure wireless networking capabilities.
family AC
framework nist-800-53
Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries.
family AC
framework nist-800-53
Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and Authorize the connection of mobile devices to organizational systems.
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
family AC
framework nist-800-53
Prohibit the use of unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and Enforce the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information: Connection of unclassified mobile devices to classified systems is prohibited; Connection of unclassified mobile devices to unclassified systems requires approval from the authorizing official; Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by {{ insert: param, ac-19.04_odp.01 }} , and if classified information is found, the incident handling policy is followed. Restrict the connection of classified mobile devices to classified systems in accordance with {{ insert: param, ac-19.04_odp.02 }}.
family AC
framework nist-800-53
Employ {{ insert: param, ac-19.05_odp.01 }} to protect the confidentiality and integrity of information on {{ insert: param, ac-19.05_odp.02 }}.
family AC
framework nist-800-53
Define and document the types of accounts allowed and specifically prohibited for use within the system; Assign account managers; Require {{ insert: param, ac-02_odp.01 }} for group and role membership; Specify: Authorized users of the system; Group and role membership; and Access authorizations (i.e., privileges) and {{ insert: param, ac-02_odp.02 }} for each account; Require approvals by {{ insert: param, ac-02_odp.03 }} for requests to create accounts; Create, enable, modify, disable, and remove accounts in accordance with {{ insert: param, ac-02_odp.04 }}; Monitor the use of accounts; Notify account managers and {{ insert: param, ac-02_odp.05 }} within: {{ insert: param, ac-02_odp.06 }} when accounts are no longer required; {{ insert: param, ac-02_odp.07 }} when users are terminated or transferred; and {{ insert: param, ac-02_odp.08 }} when system usage or need-to-know changes for an individual; Authorize access to the system based on: A valid access authorization; Intended system usage; and {{ insert: param, ac-02_odp.09 }}; Review accounts for compliance with account management requirements {{ insert: param, ac-02_odp.10 }}; Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and Align account management processes with personnel termination and transfer processes.
family AC
framework nist-800-53
Support the management of system accounts using {{ insert: param, ac-02.01_odp }}.
family AC
framework nist-800-53
family AC
framework nist-800-53
Enforce {{ insert: param, ac-02.11_odp.01 }} for {{ insert: param, ac-02.11_odp.02 }}.
family AC
framework nist-800-53
Monitor system accounts for {{ insert: param, ac-02.12_odp.01 }} ; and Report atypical usage of system accounts to {{ insert: param, ac-02.12_odp.02 }}.
family AC
framework nist-800-53
Disable accounts of individuals within {{ insert: param, ac-02.13_odp.01 }} of discovery of {{ insert: param, ac-02.13_odp.02 }}.
family AC
framework nist-800-53
Automatically {{ insert: param, ac-02.02_odp.01 }} temporary and emergency accounts after {{ insert: param, ac-02.02_odp.02 }}.
family AC
framework nist-800-53
Disable accounts within {{ insert: param, ac-02.03_odp.01 }} when the accounts: Have expired; Are no longer associated with a user or individual; Are in violation of organizational policy; or Have been inactive for {{ insert: param, ac-02.03_odp.02 }}.
family AC
framework nist-800-53
Automatically audit account creation, modification, enabling, disabling, and removal actions.
family AC
framework nist-800-53
Require that users log out when {{ insert: param, ac-02.05_odp }}.
family AC
framework nist-800-53
Implement {{ insert: param, ac-02.06_odp }}.
family AC
framework nist-800-53
Establish and administer privileged user accounts in accordance with {{ insert: param, ac-02.07_odp }}; Monitor privileged role or attribute assignments; Monitor changes to roles or attributes; and Revoke access when privileged role or attribute assignments are no longer appropriate.
family AC
framework nist-800-53
Create, activate, manage, and deactivate {{ insert: param, ac-02.08_odp }} dynamically.
family AC
framework nist-800-53
Only permit the use of shared and group accounts that meet {{ insert: param, ac-02.09_odp }}.
family AC
framework nist-800-53
{{ insert: param, ac-20_odp.01 }} , consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to: Access the system from external systems; and Process, store, or transmit organization-controlled information using external systems; or Prohibit the use of {{ insert: param, ac-20_odp.04 }}.
family AC
framework nist-800-53
Permit authorized individuals to use an external system to access the system or to process, store, or transmit organization-controlled information only after: Verification of the implementation of controls on the external system as specified in the organization’s security and privacy policies and security and privacy plans; or Retention of approved system connection or processing agreements with the organizational entity hosting the external system.
family AC
framework nist-800-53
Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using {{ insert: param, ac-20.02_odp }}.
family AC
framework nist-800-53
Restrict the use of non-organizationally owned systems or system components to process, store, or transmit organizational information using {{ insert: param, ac-20.03_odp }}.
family AC
framework nist-800-53
Prohibit the use of {{ insert: param, ac-20.04_odp }} in external systems.
family AC
framework nist-800-53
Prohibit the use of organization-controlled portable storage devices by authorized individuals on external systems.
family AC
framework nist-800-53
Enable authorized users to determine whether access authorizations assigned to a sharing partner match the information’s access and use restrictions for {{ insert: param, ac-21_odp.01 }} ; and Employ {{ insert: param, ac-21_odp.02 }} to assist users in making information sharing and collaboration decisions.
family AC
framework nist-800-53
Employ {{ insert: param, ac-21.01_odp }} to enforce information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared.
family AC
framework nist-800-53
Implement information search and retrieval services that enforce {{ insert: param, ac-21.02_odp }}.
family AC
framework nist-800-53
Designate individuals authorized to make information publicly accessible; Train authorized individuals to ensure that publicly accessible information does not contain nonpublic information; Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and Review the content on the publicly accessible system for nonpublic information {{ insert: param, ac-22_odp }} and remove such information, if discovered.
family AC
framework nist-800-53
Employ {{ insert: param, ac-23_odp.01 }} for {{ insert: param, ac-23_odp.02 }} to detect and protect against unauthorized data mining.
family AC
framework nist-800-53
{{ insert: param, ac-24_odp.01 }} to ensure {{ insert: param, ac-24_odp.02 }} are applied to each access request prior to access enforcement.
family AC
framework nist-800-53
Transmit {{ insert: param, ac-24.01_odp.01 }} using {{ insert: param, ac-24.01_odp.02 }} to {{ insert: param, ac-24.01_odp.03 }} that enforce access control decisions.
family AC
framework nist-800-53