Navigate

RA-5 (5)

RA-5 (5): Privileged Access

The information system implements privileged access authorization to [Assignment: organization-identified information system components] for selected [Assignment: organization-defined vulnerability scanning activities].

Supplemental

In certain situations, the nature of the vulnerability scanning may be more intrusive or the information system component that is the subject of the scanning may contain highly sensitive information. Privileged access authorization to selected system components facilitates more thorough vulnerability scanning and also protects the sensitive nature of such scanning.

CIA Levels
Confidentiality	low
Integrity	low
Availability	low

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to RA-5 (5).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of RA-5 (5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to RA-5 (5).

CCI	Definition
CCI-001067	The information system implements privileged access authorization to organization-identified information system components for selected organization-defined vulnerability scanning activities.
CCI-001645	The organization identifies the information system components to which privileged access is authorized for selected organization-defined vulnerability scanning activities.
CCI-002906	The organization defines the vulnerability scanning activities in which the information system implements privileged access authorization to organization-identified information system components.