Navigate

CCI-002167

CCI-002167 Definition

The organization defines the subjects over which the information system will enforce a role-based access control policy.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the subjects over which the information system will enforce a role-based access control policy.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented subjects to ensure the organization being inspected/assessed defines the subjects over which the information system will enforce a role-based access control policy.

Compelling Evidence

1.) Signed and dated documentation that defines the subjects over which the information system will enforce a role-based access control policy.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002167.

Control	Description
AC-3 (7)	The information system enforces a role-based access control policy over defined subjects and objects and controls access based upon [Assignment: organization-defined roles and users authorized to assume such roles].