AC-16 (4)
AC-16 (4): Association Of Attributes By Authorized Individuals
The information system supports the association of [Assignment: organization-defined security attributes] with [Assignment: organization-defined subjects and objects] by authorized individuals (or processes acting on behalf of individuals).
Supplemental
The support provided by information systems can vary to include: (i) prompting users to select specific security attributes to be associated with specific information objects; (ii) employing automated mechanisms for categorizing information with appropriate attributes based on defined policies; or (iii) ensuring that the combination of selected security attributes selected is valid. Organizations consider the creation, deletion, or modification of security attributes when defining auditable events.
| CIA Levels | |
|---|---|
| Confidentiality | unknown |
| Integrity | unknown |
| Availability | unknown |
| Overlays |
|---|
| Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), NC3 |