๐ผ AC-3(4) Access Enforcement | Discretionary Access Control
- Contextual name: ๐ผ AC-3(4) Access Enforcement | Discretionary Access Control
- ID:
/frameworks/nist-sp-800-53-r5/ac/03/04 - Located in: ๐ผ AC-3 Access Enforcement
Descriptionโ
Enforce [Assignment: organization-defined discretionary access control policy] over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information can do one or more of the following: (a) Pass the information to any other subjects or objects; (b) Grant its privileges to other subjects; (c) Change security attributes on subjects, objects, the system, or the systemโs components; (d) Choose the security attributes to be associated with newly created or revised objects; or (e) Change the rules governing access control.
Similarโ
- Internal
- ID:
dec-c-be9200df
- ID:
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|