CCI-002353

Transmit organization-defined access authorization information using organization-defined controls to organization-defined systems that enforce access control decisions.

Implementation Guidance

Determine if [AC-24(01)_ODP[01]; access authorization information transmitted to systems that enforce access control decisions is defined] is transmitted using [AC-24(01)_ODP[02]; controls to be used when authorization information is transmitted to systems that enforce access control decisions are defined] to [AC-24(01)_ODP[03]; systems that enforce access control decisions are defined] that enforce access control decisions

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing access enforcement; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with access enforcement responsibilities; system/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing access enforcement functions].

The controls below (if any) were marked by NIST as being related to CCI-002353.