Table E-1: Tailoring Actions for Access Controls

| NIST SP 800-53 MODERATE BASELINE SECURITY CONTROLS | | TAILORING ACTION |
|---|---|---|
| AC-1 | Access Control Policy and Procedures | NFO |
| AC-2 | Account Management | CUI |
| AC-2(1) | ACCOUNT MANAGEMENT \| AUTOMATED SYSTEM ACCOUNT MANAGEMENT | NCO |
| AC-2(2) | ACCOUNT MANAGEMENT \| REMOVAL OF TEMPORARY / EMERGENCY ACCOUNTS | NCO |
| AC-2(3) | ACCOUNT MANAGEMENT \| DISABLE INACTIVE ACCOUNTS | NCO |
| AC-2(4) | ACCOUNT MANAGEMENT \| AUTOMATED AUDIT ACTIONS | NCO |
| AC-3 | Access Enforcement | CUI |
| AC-4 | Information Flow Enforcement | CUI |
| AC-5 | Separation of Duties | CUI |
| AC-6 | Least Privilege | CUI |
| AC-6(1) | LEAST PRIVILEGE \| AUTHORIZE ACCESS TO SECURITY FUNCTIONS | CUI |
| AC-6(2) | LEAST PRIVILEGE \| NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS | CUI |
| AC-6(5) | LEAST PRIVILEGE \| PRIVILEGED ACCOUNTS | CUI |
| AC-6(9) | LEAST PRIVILEGE \| AUDITING USE OF PRIVILEGED FUNCTIONS | CUI |
| AC-6(10) | LEAST PRIVILEGE \| PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS | CUI |
| AC-7 | Unsuccessful Logon Attempts | CUI |
| AC-8 | System Use Notification | CUI |
| AC-11 | Session Lock | CUI |
| AC-11(1) | SESSION LOCK \| PATTERN-HIDING DISPLAYS | CUI |
| AC-12 | Session Termination | CUI |
| AC-14 | Permitted Actions without Identification or Authentication | FED |
| AC-17 | Remote Access | CUI |
| AC-17(1) | REMOTE ACCESS \| AUTOMATED MONITORING / CONTROL | CUI |
| AC-17(2) | REMOTE ACCESS \| PROTECTION OF CONFIDENTIALITY / INTEGRITY USING ENCRYPTION | CUI |
| AC-17(3) | REMOTE ACCESS \| MANAGED ACCESS CONTROL POINTS | CUI |
| AC-17(4) | REMOTE ACCESS \| PRIVILEGED COMMANDS / ACCESS | CUI |
| AC-18 | Wireless Access | CUI |
| AC-18(1) | WIRELESS ACCESS \| AUTHENTICATION AND ENCRYPTION | CUI |
| AC-19 | Access Control for Mobile Devices | CUI |
| AC-19(5) | ACCESS CONTROL FOR MOBILE DEVICES \| FULL DEVICE / CONTAINER-BASED ENCRYPTION | CUI |
| AC-20 | Use of External Information Systems | CUI |
| AC-20(1) | USE OF EXTERNAL INFORMATION SYSTEMS \| LIMITS ON AUTHORIZED USE | CUI |
| AC-20(2) | USE OF EXTERNAL INFORMATION SYSTEMS \| PORTABLE STORAGE DEVICES | CUI |
| AC-21 | Information Sharing | FED |
| AC-22 | Publicly Accessible Content | CUI |