Skip to main content

๐Ÿ’ผ AC-3 (4) DISCRETIONARY ACCESS CONTROL

  • Contextual name: ๐Ÿ’ผ AC-3 (4) DISCRETIONARY ACCESS CONTROL
  • ID: /frameworks/nist-sp-800-53-r4/ac/03/04
  • Located in: ๐Ÿ’ผ AC-3 ACCESS ENFORCEMENT

Descriptionโ€‹

The information system enforces [Assignment: organization-defined discretionary access control policy] over defined subjects and objects where the policy specifies that a subject that has been granted access to information can do one or more of the following: AC-3 (4)(a) Pass the information to any other subjects or objects; AC-3 (4)(b) Grant its privileges to other subjects; AC-3 (4)(c) Change security attributes on subjects, objects, the information system, or the information system???s components; AC-3 (4)(d) Choose the security attributes to be associated with newly created or revised objects; or AC-3 (4)(e) Change the rules governing access control.

Similarโ€‹

  • Internal
    • ID: dec-c-bde471f2

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlags