
💼 AC-3 ACCESS ENFORCEMENT

  • Contextual name: 💼 AC-3 ACCESS ENFORCEMENT
  • ID: /frameworks/nist-sp-800-53-r4/ac/03
  • Located in: 💼 AC ACCESS CONTROL

Description

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Similar

  • Internal
    • ID: dec-c-442f5fa0

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties 1735
💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions 48
💼 NIST CSF v1.1 → 💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities 2125

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 AC-3 (1) RESTRICTED ACCESS TO PRIVILEGED FUNCTIONS
💼 AC-3 (2) DUAL AUTHORIZATION
💼 AC-3 (3) MANDATORY ACCESS CONTROL
💼 AC-3 (4) DISCRETIONARY ACCESS CONTROL
💼 AC-3 (5) SECURITY-RELEVANT INFORMATION
💼 AC-3 (6) PROTECTION OF USER AND SYSTEM INFORMATION
💼 AC-3 (7) ROLE-BASED ACCESS CONTROL
💼 AC-3 (8) REVOCATION OF ACCESS AUTHORIZATIONS
💼 AC-3 (9) CONTROLLED RELEASE
💼 AC-3 (10) AUDITED OVERRIDE OF ACCESS CONTROL MECHANISMS