Navigate

CCI-000213

CCI-000213 Definition

Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if approved authorizations for logical access to information and system resources are enforced in accordance with applicable access control policies.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing access enforcement; system design documentation; system configuration settings and associated documentation; list of approved authorizations (user privileges); system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with access enforcement responsibilities; system/network administrators; organizational personnel with information security and privacy responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing access control policy].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000213.

Control	Description
AC-3	Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.