💼 AC-3 ACCESS ENFORCEMENT
- ID:
/frameworks/nist-sp-800-53-r4/ac/03
Description
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Similar
- Internal
- ID:
dec-c-442f5fa0
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties | 17 | 56 | no data | ||
| 💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions | 4 | 13 | no data | ||
| 💼 NIST CSF v1.1 → 💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities | 21 | 30 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 AC-3 (1) RESTRICTED ACCESS TO PRIVILEGED FUNCTIONS | no data | ||||
| 💼 AC-3 (2) DUAL AUTHORIZATION | no data | ||||
| 💼 AC-3 (3) MANDATORY ACCESS CONTROL | no data | ||||
| 💼 AC-3 (4) DISCRETIONARY ACCESS CONTROL | no data | ||||
| 💼 AC-3 (5) SECURITY-RELEVANT INFORMATION | no data | ||||
| 💼 AC-3 (6) PROTECTION OF USER AND SYSTEM INFORMATION | no data | ||||
| 💼 AC-3 (7) ROLE-BASED ACCESS CONTROL | no data | ||||
| 💼 AC-3 (8) REVOCATION OF ACCESS AUTHORIZATIONS | no data | ||||
| 💼 AC-3 (9) CONTROLLED RELEASE | no data | ||||
| 💼 AC-3 (10) AUDITED OVERRIDE OF ACCESS CONTROL MECHANISMS | no data |
Policies (2)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ Consumer Google Accounts are used🟢⚪ | 🟢 x2, ⚪ x1 | no data | |
| 🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪ | 🟢 x2, ⚪ x1 | no data |