Navigate

AC-16 (10)

AC-16 (10): Attribute Configuration By Authorized Individuals

The information system provides authorized individuals the capability to define or change the type and value of security attributes available for association with subjects and objects.

Supplemental

The content or assigned values of security attributes can directly affect the ability of individuals to access organizational information. Therefore, it is important for information systems to be able to limit the ability to create or modify security attributes to authorized individuals only.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

Related Controls

The controls below (if any) were marked by NIST as being related to AC-16 (10).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of AC-16 (10).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-16 (10).

CCI	Definition
CCI-002305	The organization identifies individuals authorized to define or change the type and value of security attributes available for association with subjects and objects.
CCI-002306	The information system provides authorized individuals the capability to define or change the type of security attributes available for association with subjects.
CCI-002307	The information system provides authorized individuals the capability to define or change the value of security attributes available for association with subjects.
CCI-002308	The information system provides authorized individuals the capability to define or change the type of security attributes available for association with objects.
CCI-002309	The information system provides authorized individuals the capability to define or change the value of security attributes available for association with objects.