2.0
Level 1 Description: Access control policies (e.g., identity- or role-based policies, control matrices, and cryptography) control access between active...
Fri, 14 Jul, 2023 at 4:27 AM
Level 1 Description: Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both....
Fri, 14 Jul, 2023 at 6:53 AM
Level 1 Description: External systems are systems or components of systems for which organizations typically have no direct supervision and authority o...
Fri, 14 Jul, 2023 at 6:56 AM
Level 1 Description: In accordance with laws, Executive Orders, directives, policies, regulations, or standards, the public is not authorized access to...
Fri, 14 Jul, 2023 at 7:11 AM
Level 2 Description: Information flow control regulates where information can travel within a system and between systems (versus who can access the infor...
Fri, 14 Jul, 2023 at 7:33 AM
Level 2 Description: Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activit...
Fri, 14 Jul, 2023 at 8:07 AM
Level 2 Description: Organizations employ the principle of least privilege for specific duties and authorized accesses for users and processes. The pri...
Fri, 14 Jul, 2023 at 8:05 AM
Level 2 Description: This requirement limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situati...
Fri, 14 Jul, 2023 at 8:37 AM
Level 2 Description: Privileged functions include establishing system accounts, performing system integrity checks, conducting patching operations, or ...
Fri, 14 Jul, 2023 at 8:52 AM
Level 2 Description: This requirement applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denia...
Fri, 14 Jul, 2023 at 9:15 AM