An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
72/172
)
CCIs
Number
Definition
Status
Related
CCI-002161
Defines subjects which may explicitly be granted organization-defined privileges such that they are not limited by any of the mandatory access control constraints.
Draft
AC-3(3)
CCI-002162
Defines the privileges that may explicitly be granted to organization-defined subjects such that they are not limited by any of the mandatory access control constraints.
Draft
AC-3(3)
CCI-002163
Defines the discretionary access control policies the information system is to enforce over subjects and objects.
Draft
AC-3(4)
CCI-002164
Enforce organization-defined discretionary access control policy that over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information can do one or more of the following: pass the information to any other subjects or objects; grant its privileges to other subjects; change security attributes on subjects, objects, the system, or the system's components; choose the security attributes to be associated with newly created or revised objects; and/or change the rules governing access control.
Draft
AC-3(4)
CCI-002165
Enforce organization-defined discretionary access control policies over defined subjects and objects.
Draft
AC-3(4)
CCI-002166
Defines the role-based access control policies to enforce over all subjects and objects.
Draft
AC-3(7)
CCI-002167
The organization defines the subjects over which the information system will enforce a role-based access control policy.
Draft
AC-3(7)
CCI-002168
The organization defines the objects over which the information system will enforce a role-based access control policy.
Draft
AC-3(7)
CCI-002169
Enforce a role-based access control policy over defined subjects and objects based upon organization-defined roles and users authorized to assume such roles.
Draft
AC-3(7)
CCI-002170
Control access based upon organization-defined roles and users authorized to assume such roles.
Draft
AC-3(7)
CCI-002171
The information system enforces a role-based access control policy over organization-defined subjects.
Deprecated
AC-3(7)
CCI-002172
The information system enforces a role-based access control policy over organization-defined objects.
Deprecated
AC-3(7)
CCI-002173
Defines the roles authorized to control access based upon the role-based access control policy.
Draft
AC-3(7)
CCI-002174
Defines the users authorized to control access based upon the role-based access control policy.
Draft
AC-3(7)
CCI-002175
The information system controls access based upon organization-defined roles authorized to assume such roles, employing the organization-defined role-based access control policy.
Deprecated
AC-3(7)
CCI-002176
The information system controls access based upon organization-defined users authorized to assume such roles, employing the organization-defined role-based access control policy.
Deprecated
AC-3(7)
CCI-002177
Defines the rules governing the timing of revocation of access authorizations.
Draft
AC-3(8)
CCI-002178
Enforce the revocation of access authorizations resulting from changes to the security attributes of subjects based on organization-defined rules governing the timing of revocations of access authorizations.
Draft
AC-3(8)
CCI-002179
Enforce the revocation of access authorizations resulting from changes to the security attributes of objects based on organization-defined rules governing the timing of revocations of access authorizations.
Draft
AC-3(8)
CCI-002180
Defines the controls the organization-defined system or system component is to provide to protect information released outside the established system boundary.
Draft
AC-3(9)
CCI-002181
Defines system or system components that are to provide organization-defined controls to protect information received outside the established system boundary.
Draft
AC-3(9)
CCI-002182
Release information outside of the established system boundary only if organization-defined system or system components provides organization-defined controls.
Draft
AC-3(9)
CCI-002183
Defines the controls to be used to validate the appropriateness of the information designated for release.
Draft
AC-3(9)
CCI-002184
Release information outside of the established system boundary only if organization-defined controls are used to validate the appropriateness of the information designated for release.
Draft
AC-3(9)
CCI-002185
Defines the conditions on which it will employ an audited override of automated access control mechanisms.
Draft
AC-3(10)
CCI-002186
Employ an audited override of automated access control mechanisms under organization-defined conditions by organization-defined roles.
Draft
AC-3(10)
CCI-002187
Defines the security attributes to be used to enforce organization-defined information flow control policies.
Draft
AC-4(1)
CCI-002188
Defines the information, source, and destination objects with which the organization-defined security attributes are to be associated.
Draft
AC-4(1)
CCI-002189
Defines the information flow control policies to be enforced for flow control decisions.
Draft
AC-4(1)
CCI-002190
Use organization-defined security attributes associated with organization-defined information, source, and destination objects to enforce organization-defined information flow control policies as a basis for flow control decisions.
Draft
AC-4(1)
Prev
1...
68
69
70
71
72
73
74
75
76
...172
Next