ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Access Control Policy and Procedures

Table E-1: Tailoring Actions for Access Controls

| NIST SP 800-53 | MODERATE BASELINE SECURITY CONTROLS | TAILORING ACTION |
|---|---|---|
| AC-1 | Access Control Policy and Procedures | NFO |
| AC-2 | Account Management | CUI |
| AC-2(1) | ACCOUNT MANAGEMENT \| AUTOMATED SYSTEM ACCOUNT MANAGEMENT | NCO |
| AC-2(2) | ACCOUNT MANAGEMENT \| REMOVAL OF TEMPORARY / EMERGENCY ACCOUNTS | NCO |
| AC-2(3) | ACCOUNT MANAGEMENT \| DISABLE INACTIVE ACCOUNTS | NCO |
| AC-2(4) | ACCOUNT MANAGEMENT \| AUTOMATED AUDIT ACTIONS | NCO |
| AC-3 | Access Enforcement | CUI |
| AC-4 | Information Flow Enforcement | CUI |
| AC-5 | Separation of Duties | CUI |
| AC-6 | Least Privilege | CUI |
| AC-6(1) | LEAST PRIVILEGE \| AUTHORIZE ACCESS TO SECURITY FUNCTIONS | CUI |
| AC-6(2) | LEAST PRIVILEGE \| NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS | CUI |
| AC-6(5) | LEAST PRIVILEGE \| PRIVILEGED ACCOUNTS | CUI |
| AC-6(9) | LEAST PRIVILEGE \| AUDITING USE OF PRIVILEGED FUNCTIONS | CUI |
| AC-6(10) | LEAST PRIVILEGE \| PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS | CUI |
| AC-7 | Unsuccessful Logon Attempts | CUI |
| AC-8 | System Use Notification | CUI |
| AC-11 | Session Lock | CUI |
| AC-11(1) | SESSION LOCK \| PATTERN-HIDING DISPLAYS | CUI |
| AC-12 | Session Termination | CUI |
| AC-14 | Permitted Actions without Identification or Authentication | FED |
| AC-17 | Remote Access | CUI |
| AC-17(1) | REMOTE ACCESS \| AUTOMATED MONITORING / CONTROL | CUI |
| AC-17(2) | REMOTE ACCESS \| PROTECTION OF CONFIDENTIALITY / INTEGRITY USING ENCRYPTION | CUI |
| AC-17(3) | REMOTE ACCESS \| MANAGED ACCESS CONTROL POINTS | CUI |
| AC-17(4) | REMOTE ACCESS \| PRIVILEGED COMMANDS / ACCESS | CUI |
| AC-18 | Wireless Access | CUI |
| AC-18(1) | WIRELESS ACCESS \| AUTHENTICATION AND ENCRYPTION | CUI |
| AC-19 | Access Control for Mobile Devices | CUI |
| AC-19(5) | ACCESS CONTROL FOR MOBILE DEVICES \| FULL DEVICE / CONTAINER-BASED ENCRYPTION | CUI |
| AC-20 | Use of External Information Systems | CUI |
| AC-20(1) | USE OF EXTERNAL INFORMATION SYSTEMS \| LIMITS ON AUTHORIZED USE | CUI |
| AC-20(2) | USE OF EXTERNAL INFORMATION SYSTEMS \| PORTABLE STORAGE DEVICES | CUI |
| AC-21 | Information Sharing | FED |
| AC-22 | Publicly Accessible Content | CUI |


 

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056