Navigate

AC-6(3)

AC-6(3): Network Access to Privileged Commands

Authorize network access to [privileged commands to which network access is to be authorized only for compelling operational needs are defined;] only for [compelling operational needs necessitating network access to privileged commands are defined;] and document the rationale for such access in the security plan for the system.

Supplemental

Network access is any access across a network connection in lieu of local access (i.e., user being physically present at the device).

CIA Levels
Confidentiality	high
Integrity	high
Availability	unknown

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-6(3).

Control	Description
AC-17	a: Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and b: Authorize each type of remote access to the system prior to allowing such connections.
AC-18	a: Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and b: Authorize each type of wireless access to the system prior to allowing such connections.
AC-19	a: Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and b: Authorize the connection of mobile devices to organizational systems.

Enhancements

The controls below (if any) add on to the requirements of AC-6(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-6(3).

CCI	Definition
CCI-000041	Authorize network access to organization-defined privileged commands only for organization-defined compelling operational needs.
CCI-000042	Document the rationale for authorized network access to organization-defined privileged commands in the security plan for the system.
CCI-001420	Defines the privileged commands to which network access is to be authorized only for organization-defined compelling operational needs.
CCI-002224	Defines the compelling operational needs that must be met in order to be authorized network access to organization-defined privileged commands.