CCI-000061

Identify organization-defined user actions that can be performed on the system without identification or authentication consistent with organizational missions/business functions.

Implementation Guidance

Determine if [AC-14_ODP; user actions that can be performed on the system without identification or authentication are defined] that can be performed on the system without identification or authentication consistent with Organizational mission and business functions are identified.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing permitted actions without identification or authentication; system configuration settings and associated documentation; security plan; list of user actions that can be performed without identification or authentication; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities].

The controls below (if any) were marked by NIST as being related to CCI-000061.