An error occurred:

© 2024 Xylok, LLC

Version: v2024.10.3-0fa4-8a67

Navigate

AC-17 (4)

AC-17 (4): Privileged Commands / Access

The organization:

AC-17 (4)(a): Authorizes the execution of privileged commands and access to security-relevant information via remote access only for [Assignment: organization-defined needs]; and

AC-17 (4)(b): Documents the rationale for such access in the security plan for the information system.

Supplemental

None

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-17 (4).

Control	Description
AC-6	The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Enhancements

The controls below (if any) add on to the requirements of AC-17 (4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-17 (4).

CCI	Definition
CCI-000070	The organization authorizes the execution of privileged commands via remote access only for organization-defined needs.
CCI-002316	The organization authorizes access to security-relevant information via remote access only for organization-defined needs.
CCI-002317	The organization defines the operational needs for when the execution of privileged commands via remote access is to be authorized.
CCI-002318	The organization defines the operational needs for when access to security-relevant information via remote access is to be authorized.
CCI-002319	The organization documents in the security plan for the information system the rationale for authorization of the execution of privilege commands via remote access.
CCI-002320	The organization documents in the security plan for the information system the rationale for authorization of access to security-relevant information via remote access.