Navigate

CCI-002354

CCI-002354 Definition

Defines the security attributes, not to include the identity of the user or process acting on behalf of the user, to be used as the basis for enforcing access control decisions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002354.

Control	Description
AC-24(2)	The information system enforces access control decisions based on [one of ] that do not include the identity of the user or process acting on behalf of the user.