Skip to main content

💼 AC-3 ACCESS ENFORCEMENT

  • Contextual name: 💼 AC-3 ACCESS ENFORCEMENT
  • ID: /frameworks/nist-sp-800-53-r4/ac/03
  • Located in: 💼 AC ACCESS CONTROL

Description

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Similar

  • Internal
    • ID: dec-c-442f5fa0

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties1752
💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions413
💼 NIST CSF v1.1 → 💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities2130

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags
💼 AC-3 (1) RESTRICTED ACCESS TO PRIVILEGED FUNCTIONS
💼 AC-3 (2) DUAL AUTHORIZATION
💼 AC-3 (3) MANDATORY ACCESS CONTROL
💼 AC-3 (4) DISCRETIONARY ACCESS CONTROL
💼 AC-3 (5) SECURITY-RELEVANT INFORMATION
💼 AC-3 (6) PROTECTION OF USER AND SYSTEM INFORMATION
💼 AC-3 (7) ROLE-BASED ACCESS CONTROL
💼 AC-3 (8) REVOCATION OF ACCESS AUTHORIZATIONS
💼 AC-3 (9) CONTROLLED RELEASE
💼 AC-3 (10) AUDITED OVERRIDE OF ACCESS CONTROL MECHANISMS

Policies (2)

PolicyLogic CountFlags
📝 Consumer Google Accounts are used 🟢🟢 x3
📝 Google Cloud MySQL Instance allows anyone to connect with administrative privileges 🟢🟢 x3