Navigate

CCI-002355

CCI-002355 Definition

Enforce access control decisions based on organization-defined security or privacy attributes that do not include the identity of the user or process acting on behalf of the user.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002355.

Control	Description
AC-24(2)	The information system enforces access control decisions based on [one of ] that do not include the identity of the user or process acting on behalf of the user.