800-171
Description: Access control policies (e.g., identity- or role-based policies, control matrices, and cryptography) control access between active entities or...
Mon, 10 Jul, 2023 at 9:50 AM
Description: Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both. System acc...
Tue, 11 Jul, 2023 at 6:13 AM
Description: Information flow control regulates where information can travel within a system and between systems (versus who can access the information) a...
Tue, 11 Jul, 2023 at 6:13 AM
Description: Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without c...
Tue, 11 Jul, 2023 at 6:14 AM
Description: Organizations employ the principle of least privilege for specific duties and authorized accesses for users and processes. The principle of l...
Mon, 10 Jul, 2023 at 9:49 AM
Description: This requirement limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situations where o...
Tue, 11 Jul, 2023 at 6:15 AM
Description: Privileged functions include establishing system accounts, performing system integrity checks, conducting patching operations, or administeri...
Tue, 11 Jul, 2023 at 6:16 AM
Description: System monitoring includes external and internal monitoring. System monitoring can detect unauthorized use of organizational systems. System m...
Tue, 11 Jul, 2023 at 2:35 AM
Description: This requirement applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denial of servic...
Tue, 11 Jul, 2023 at 6:17 AM
Description: System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the system bo...
Mon, 10 Jul, 2023 at 9:07 AM