๐ผ AC-3 (4) DISCRETIONARY ACCESS CONTROL
- Contextual name: ๐ผ AC-3 (4) DISCRETIONARY ACCESS CONTROL
- ID:
/frameworks/nist-sp-800-53-r4/ac/03/04
- Located in: ๐ผ AC-3 ACCESS ENFORCEMENT
Descriptionโ
The information system enforces [Assignment: organization-defined discretionary access control policy] over defined subjects and objects where the policy specifies that a subject that has been granted access to information can do one or more of the following: AC-3 (4)(a) Pass the information to any other subjects or objects; AC-3 (4)(b) Grant its privileges to other subjects; AC-3 (4)(c) Change security attributes on subjects, objects, the information system, or the information system???s components; AC-3 (4)(d) Choose the security attributes to be associated with newly created or revised objects; or AC-3 (4)(e) Change the rules governing access control.
Similarโ
- Internal
- ID:
dec-c-bde471f2
- ID:
Sub Sectionsโ
Section | Sub Sections | Internal Rules | Policies | Flags |
---|