NIST SP 800-53 r4 - Security Control Family: Access Control - Controls for MODERATE Impact Systems, v4

Profile of requirements corresponding to all MODERATE impact security controls in NIST Special Publication 800-53, r4, under the control family of Access Control.
Identifier https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-access-control---controls-for-moderate-impact-systems/4/
Publication Date 2021-04-26
Issuing Organization
Trustmark Support help@trustmarkinitiative.org No telephone 75 5th Street, GTRI 30332
Keywords 800-53, Access Control, NIST, Security, Moderate
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Loading...

Trust Expression:

TIP_NISTSP80053r4SecurityControlFamilyAccessControlControlsforLOWImpactSystems and TIP_NISTSP80053r4SecurityControlAC1AccessControlPolicyandProcedures and TIP_NISTSP80053r4SecurityControlAC2AccountManagement and TIP_NISTSP80053r4SecurityControlAC21AutomatedSystemAccountManagement and TIP_NISTSP80053r4SecurityControlAC22RemovalofTemporaryEmergencyAccounts and TIP_NISTSP80053r4SecurityControlAC23DisableInactiveAccounts and TIP_NISTSP80053r4SecurityControlAC24AutomatedAuditActions and TIP_NISTSP80053r4SecurityControlAC3AccessEnforcement and TIP_NISTSP80053r4SecurityControlAC4InformationFlowEnforcement and TIP_NISTSP80053r4SecurityControlAC5SeparationofDuties and TIP_NISTSP80053r4SecurityControlAC6LeastPrivilege and TIP_NISTSP80053r4SecurityControlAC61AuthorizeAccesstoSecurityFunctions and TIP_NISTSP80053r4SecurityControlAC62NonPrivilegedAccessforNonsecurityFunctions and TIP_NISTSP80053r4SecurityControlAC65PrivilegedAccounts and TIP_NISTSP80053r4SecurityControlAC69AuditingUseofPrivilegedFunctions and TIP_NISTSP80053r4SecurityControlAC610ProhibitNonPrivilegedUsersfromExecutingPrivilegedFunctions and TIP_NISTSP80053r4SecurityControlAC7UnsuccessfulLogonAttempts and TIP_NISTSP80053r4SecurityControlAC8SystemUseNotification and TIP_NISTSP80053r4SecurityControlAC11SessionLock and TIP_NISTSP80053r4SecurityControlAC111PatternHidingDisplays and TIP_NISTSP80053r4SecurityControlAC12SessionTermination and TIP_NISTSP80053r4SecurityControlAC14PermittedActionsWithoutIdentificationorAuthentication and TIP_NISTSP80053r4SecurityControlAC17RemoteAccess and TIP_NISTSP80053r4SecurityControlAC171AutomatedMonitoringControl and TIP_NISTSP80053r4SecurityControlAC172ProtectionofConfidentialityIntegrityUsingEncryption and TIP_NISTSP80053r4SecurityControlAC173ManagedAccessControlPoints and TIP_NISTSP80053r4SecurityControlAC174PrivilegedCommandsAccess and TIP_NISTSP80053r4SecurityControlAC18WirelessAccess and TIP_NISTSP80053r4SecurityControlAC181AuthenticationandEncryption and TIP_NISTSP80053r4SecurityControlAC19AccessControlforMobileDevices and TIP_NISTSP80053r4SecurityControlAC195FullDeviceContainerBasedEncryption and TIP_NISTSP80053r4SecurityControlAC20UseofExternalInformationSystems and TIP_NISTSP80053r4SecurityControlAC201LimitsonAuthorizedUse and TIP_NISTSP80053r4SecurityControlAC202PortableStorageDevices and TIP_NISTSP80053r4SecurityControlAC21InformationSharing and TIP_NISTSP80053r4SecurityControlAC22PubliclyAccessibleContent

References (36)

 TIP  NIST SP 800-53 r4 - Security Control Family: Access Control - Controls for LOW Impact Systems, v4
Description Profile of requirements corresponding to all LOW impact security controls in NIST Special Publication 800-53, r4, under the control family of Access Control.
ID TIP_NISTSP80053r4SecurityControlFamilyAccessControlControlsforLOWImpactSystems
 TIP  NIST SP 800-53 r4 Security Control AC-1: Access Control Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-1: Access Control Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC1AccessControlPolicyandProcedures
 TIP  NIST SP 800-53 r4 Security Control AC-2: Account Management, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2: Account Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC2AccountManagement
 TIP  NIST SP 800-53 r4 Security Control AC-2 (1): Automated System Account Management, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (1): Automated System Account Management. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC21AutomatedSystemAccountManagement
 TIP  NIST SP 800-53 r4 Security Control AC-2 (2): Removal of Temporary / Emergency Accounts, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (2): Removal of Temporary / Emergency Accounts. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC22RemovalofTemporaryEmergencyAccounts
 TIP  NIST SP 800-53 r4 Security Control AC-2 (3): Disable Inactive Accounts, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (3): Disable Inactive Accounts. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC23DisableInactiveAccounts
 TIP  NIST SP 800-53 r4 Security Control AC-2 (4): Automated Audit Actions, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (4): Automated Audit Actions. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC24AutomatedAuditActions
 TIP  NIST SP 800-53 r4 Security Control AC-3: Access Enforcement, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-3: Access Enforcement. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC3AccessEnforcement
 TIP  NIST SP 800-53 r4 Security Control AC-4: Information Flow Enforcement, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-4: Information Flow Enforcement. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC4InformationFlowEnforcement
 TIP  NIST SP 800-53 r4 Security Control AC-5: Separation of Duties, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-5: Separation of Duties. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC5SeparationofDuties
 TIP  NIST SP 800-53 r4 Security Control AC-6: Least Privilege, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6: Least Privilege. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC6LeastPrivilege
 TIP  NIST SP 800-53 r4 Security Control AC-6 (1): Authorize Access to Security Functions, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (1): Authorize Access to Security Functions. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC61AuthorizeAccesstoSecurityFunctions
 TIP  NIST SP 800-53 r4 Security Control AC-6 (2): Non-Privileged Access for Nonsecurity Functions, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (2): Non-Privileged Access for Nonsecurity Functions. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC62NonPrivilegedAccessforNonsecurityFunctions
 TIP  NIST SP 800-53 r4 Security Control AC-6 (5): Privileged Accounts, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (5): Privileged Accounts. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC65PrivilegedAccounts
 TIP  NIST SP 800-53 r4 Security Control AC-6 (9): Auditing Use of Privileged Functions, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (9): Auditing Use of Privileged Functions. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC69AuditingUseofPrivilegedFunctions
 TIP  NIST SP 800-53 r4 Security Control AC-6 (10): Prohibit Non-Privileged Users from Executing Privileged Functions, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (10): Prohibit Non-Privileged Users from Executing Privileged Functions. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC610ProhibitNonPrivilegedUsersfromExecutingPrivilegedFunctions
 TIP  NIST SP 800-53 r4 Security Control AC-7: Unsuccessful Logon Attempts, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-7: Unsuccessful Logon Attempts. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC7UnsuccessfulLogonAttempts
 TIP  NIST SP 800-53 r4 Security Control AC-8: System Use Notification, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-8: System Use Notification. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC8SystemUseNotification
 TIP  NIST SP 800-53 r4 Security Control AC-11: Session Lock, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-11: Session Lock. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC11SessionLock
 TIP  NIST SP 800-53 r4 Security Control AC-11 (1): Pattern-Hiding Displays, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-11 (1): Pattern-Hiding Displays. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC111PatternHidingDisplays
 TIP  NIST SP 800-53 r4 Security Control AC-12: Session Termination, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-12: Session Termination. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC12SessionTermination
 TIP  NIST SP 800-53 r4 Security Control AC-14: Permitted Actions Without Identification or Authentication, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-14: Permitted Actions Without Identification or Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC14PermittedActionsWithoutIdentificationorAuthentication
 TIP  NIST SP 800-53 r4 Security Control AC-17: Remote Access, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17: Remote Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC17RemoteAccess
 TIP  NIST SP 800-53 r4 Security Control AC-17 (1): Automated Monitoring / Control, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (1): Automated Monitoring / Control. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC171AutomatedMonitoringControl
 TIP  NIST SP 800-53 r4 Security Control AC-17 (2): Protection of Confidentiality / Integrity Using Encryption, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (2): Protection of Confidentiality / Integrity Using Encryption. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC172ProtectionofConfidentialityIntegrityUsingEncryption
 TIP  NIST SP 800-53 r4 Security Control AC-17 (3): Managed Access Control Points, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (3): Managed Access Control Points. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC173ManagedAccessControlPoints
 TIP  NIST SP 800-53 r4 Security Control AC-17 (4): Privileged Commands / Access, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (4): Privileged Commands / Access. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC174PrivilegedCommandsAccess
 TIP  NIST SP 800-53 r4 Security Control AC-18: Wireless Access, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18: Wireless Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC18WirelessAccess
 TIP  NIST SP 800-53 r4 Security Control AC-18 (1): Authentication and Encryption, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18 (1): Authentication and Encryption. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC181AuthenticationandEncryption
 TIP  NIST SP 800-53 r4 Security Control AC-19: Access Control for Mobile Devices, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-19: Access Control for Mobile Devices. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC19AccessControlforMobileDevices
 TIP  NIST SP 800-53 r4 Security Control AC-19 (5): Full Device / Container-Based Encryption, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-19 (5): Full Device / Container-Based Encryption. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC195FullDeviceContainerBasedEncryption
 TIP  NIST SP 800-53 r4 Security Control AC-20: Use of External Information Systems, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20: Use of External Information Systems. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC20UseofExternalInformationSystems
 TIP  NIST SP 800-53 r4 Security Control AC-20 (1): Limits on Authorized Use, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20 (1): Limits on Authorized Use. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC201LimitsonAuthorizedUse
 TIP  NIST SP 800-53 r4 Security Control AC-20 (2): Portable Storage Devices, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20 (2): Portable Storage Devices. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC202PortableStorageDevices
 TIP  NIST SP 800-53 r4 Security Control AC-21: Information Sharing, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-21: Information Sharing. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC21InformationSharing
 TIP  NIST SP 800-53 r4 Security Control AC-22: Publicly Accessible Content, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-22: Publicly Accessible Content. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlAC22PubliclyAccessibleContent

Sources (1)

SP800-53R4 NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.
Also available as XML or JSON