Navigate

CCI-003686

CCI-003686 Definition

Defines the individuals or roles who authorize access to organization-defined security-relevant information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if access is authorized for [AC-06(01)_ODP[01]; individuals and roles with authorized access to security functions and security-relevant information are defined] to [AC-06(01)_ODP[05]; security-relevant information for authorized access is defined].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing least privilege; list of security functions (deployed in hardware, software, and firmware) and security-relevant information for which access must be explicitly authorized; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for defining least privileges necessary to accomplish specified tasks; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms implementing least privilege functions].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003686.

Control	Description
AC-6(1)	Authorize access for [individuals and roles with authorized access to security functions and security-relevant information are defined;] to: (a): [one of ] ; and (b): [security-relevant information for authorized access is defined;].