Control Baselines for Information - NIST
NIST Special Publication 800-53B
Control Baselines for Information Systems and Organizations
JOINT TASK FORCE
Note that NIST Special Publication (SP) 800-53B contains additional background, scoping, and implementation guidance in addition to the controls and baselines. This PDF is produced from OSCAL Source data and represents a derivative format of controls defined in NIST SP 800-53B, Control Baselines for Information Systems and Organizations. This version contains only the control baseline tables. If there are any discrepancies noted in the content between this NIST SP 800-53B derivative data format and the latest published NIST SP 800-53, Revision 5 (normative) and NIST SP 800-53B (normative), please contact seccert@ and refer to the official published documents.
NIST SP 800-53B is available free of charge from: https://doi.org/10.6028/NIST.SP.800-53B
NIST SP 800-53B
Control Baselines for Information Systems and Organizations
3.1 ACCESS CONTROL FAMILY
Table 3-1 provides a summary of the controls and control enhancements assigned to the Access Control Family. The controls are allocated to the low-impact, moderate-impact, and high-impact security control baselines and the privacy control baseline, as appropriate. A control or control enhancement that has been withdrawn from the control catalog is indicated by a "W" and an explanation of the control or control enhancement disposition in light gray text.
TABLE 3-1: ACCESS CONTROL FAMILY

| CONTROL NUMBER | CONTROL NAME / CONTROL ENHANCEMENT NAME | PRIVACY CONTROL BASELINE | LOW | MOD | HIGH |
|---|---|---|---|---|---|
| AC-1 | Policy and Procedures | x | x | x | x |
| AC-2 | Account Management | | x | x | x |
| AC-2(1) | AUTOMATED SYSTEM ACCOUNT MANAGEMENT | | | x | x |
| AC-2(2) | AUTOMATED TEMPORARY AND EMERGENCY ACCOUNT MANAGEMENT | | | x | x |
| AC-2(3) | DISABLE ACCOUNTS | | | x | x |
| AC-2(4) | AUTOMATED AUDIT ACTIONS | | | x | x |
| AC-2(5) | INACTIVITY LOGOUT | | | x | x |
| AC-2(6) | DYNAMIC PRIVILEGE MANAGEMENT | | | | |
| AC-2(7) | PRIVILEGED USER ACCOUNTS | | | | |
| AC-2(8) | DYNAMIC ACCOUNT MANAGEMENT | | | | |
| AC-2(9) | RESTRICTIONS ON USE OF SHARED AND GROUP ACCOUNTS | | | | |
| AC-2(10) | SHARED AND GROUP ACCOUNT CREDENTIAL CHANGE | W: Incorporated into AC-2. | | | |
| AC-2(11) | USAGE CONDITIONS | | | | x |
| AC-2(12) | ACCOUNT MONITORING FOR ATYPICAL USAGE | | | | x |
| AC-2(13) | DISABLE ACCOUNTS FOR HIGH-RISK INDIVIDUALS | | | x | x |
| AC-3 | Access Enforcement | | x | x | x |
| AC-3(1) | RESTRICTED ACCESS TO PRIVILEGED FUNCTIONS | W: Incorporated into AC-6. | | | |
| AC-3(2) | DUAL AUTHORIZATION | | | | |
| AC-3(3) | MANDATORY ACCESS CONTROL | | | | |
| AC-3(4) | DISCRETIONARY ACCESS CONTROL | | | | |
| AC-3(5) | SECURITY-RELEVANT INFORMATION | | | | |
| AC-3(6) | PROTECTION OF USER AND SYSTEM INFORMATION | W: Incorporated into MP-4 and SC-28. | | | |
| AC-3(7) | ROLE-BASED ACCESS CONTROL | | | | |
| AC-3(8) | REVOCATION OF ACCESS AUTHORIZATIONS | | | | |
FAMILY: AC
This document is produced from OSCAL source data
PAGE 1
TABLE 3-1: ACCESS CONTROL FAMILY (continued)

| CONTROL NUMBER | CONTROL NAME / CONTROL ENHANCEMENT NAME | PRIVACY CONTROL BASELINE | LOW | MOD | HIGH |
|---|---|---|---|---|---|
| AC-3(9) | CONTROLLED RELEASE | | | | |
| AC-3(10) | AUDITED OVERRIDE OF ACCESS CONTROL MECHANISMS | | | | |
| AC-3(11) | RESTRICT ACCESS TO SPECIFIC INFORMATION TYPES | | | | |
| AC-3(12) | ASSERT AND ENFORCE APPLICATION ACCESS | | | | |
| AC-3(13) | ATTRIBUTE-BASED ACCESS CONTROL | | | | |
| AC-3(14) | INDIVIDUAL ACCESS | x | | | |
| AC-3(15) | DISCRETIONARY AND MANDATORY ACCESS CONTROL | | | | |
| AC-4 | Information Flow Enforcement | | | x | x |
| AC-4(1) | OBJECT SECURITY AND PRIVACY ATTRIBUTES | | | | |
| AC-4(2) | PROCESSING DOMAINS | | | | |
| AC-4(3) | DYNAMIC INFORMATION FLOW CONTROL | | | | |
| AC-4(4) | FLOW CONTROL OF ENCRYPTED INFORMATION | | | | x |
| AC-4(5) | EMBEDDED DATA TYPES | | | | |
| AC-4(6) | METADATA | | | | |
| AC-4(7) | ONE-WAY FLOW MECHANISMS | | | | |
| AC-4(8) | SECURITY AND PRIVACY POLICY FILTERS | | | | |
| AC-4(9) | HUMAN REVIEWS | | | | |
| AC-4(10) | ENABLE AND DISABLE SECURITY OR PRIVACY POLICY FILTERS | | | | |
| AC-4(11) | CONFIGURATION OF SECURITY OR PRIVACY POLICY FILTERS | | | | |
| AC-4(12) | DATA TYPE IDENTIFIERS | | | | |
| AC-4(13) | DECOMPOSITION INTO POLICY-RELEVANT SUBCOMPONENTS | | | | |
| AC-4(14) | SECURITY OR PRIVACY POLICY FILTER CONSTRAINTS | | | | |
| AC-4(15) | DETECTION OF UNSANCTIONED INFORMATION | | | | |
| AC-4(16) | INFORMATION TRANSFERS ON INTERCONNECTED SYSTEMS | W: Incorporated into AC-4. | | | |
| AC-4(17) | DOMAIN AUTHENTICATION | | | | |
| AC-4(18) | SECURITY ATTRIBUTE BINDING | W: Incorporated into AC-16. | | | |
| AC-4(19) | VALIDATION OF METADATA | | | | |
| AC-4(20) | APPROVED SOLUTIONS | | | | |
| AC-4(21) | PHYSICAL OR LOGICAL SEPARATION OF INFORMATION FLOWS | | | | |
| AC-4(22) | ACCESS ONLY | | | | |
| AC-4(23) | MODIFY NON-RELEASABLE INFORMATION | | | | |
TABLE 3-1: ACCESS CONTROL FAMILY (continued)

| CONTROL NUMBER | CONTROL NAME / CONTROL ENHANCEMENT NAME | PRIVACY CONTROL BASELINE | LOW | MOD | HIGH |
|---|---|---|---|---|---|
| AC-4(24) | INTERNAL NORMALIZED FORMAT | | | | |
| AC-4(25) | DATA SANITIZATION | | | | |
| AC-4(26) | AUDIT FILTERING ACTIONS | | | | |
| AC-4(27) | REDUNDANT/INDEPENDENT FILTERING MECHANISMS | | | | |
| AC-4(28) | LINEAR FILTER PIPELINES | | | | |
| AC-4(29) | FILTER ORCHESTRATION ENGINES | | | | |
| AC-4(30) | FILTER MECHANISMS USING MULTIPLE PROCESSES | | | | |
| AC-4(31) | FAILED CONTENT TRANSFER PREVENTION | | | | |
| AC-4(32) | PROCESS REQUIREMENTS FOR INFORMATION TRANSFER | | | | |
| AC-5 | Separation of Duties | | | x | x |
| AC-6 | Least Privilege | | | x | x |
| AC-6(1) | AUTHORIZE ACCESS TO SECURITY FUNCTIONS | | | x | x |
| AC-6(2) | NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS | | | x | x |
| AC-6(3) | NETWORK ACCESS TO PRIVILEGED COMMANDS | | | | x |
| AC-6(4) | SEPARATE PROCESSING DOMAINS | | | | |
| AC-6(5) | PRIVILEGED ACCOUNTS | | | x | x |
| AC-6(6) | PRIVILEGED ACCESS BY NON-ORGANIZATIONAL USERS | | | | |
| AC-6(7) | REVIEW OF USER PRIVILEGES | | | x | x |
| AC-6(8) | PRIVILEGE LEVELS FOR CODE EXECUTION | | | | |
| AC-6(9) | LOG USE OF PRIVILEGED FUNCTIONS | | | x | x |
| AC-6(10) | PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS | | | x | x |
| AC-7 | Unsuccessful Logon Attempts | | x | x | x |
| AC-7(1) | AUTOMATIC ACCOUNT LOCK | W: Incorporated into AC-7. | | | |
| AC-7(2) | PURGE OR WIPE MOBILE DEVICE | | | | |
| AC-7(3) | BIOMETRIC ATTEMPT LIMITING | | | | |
| AC-7(4) | USE OF ALTERNATE AUTHENTICATION FACTOR | | | | |
| AC-8 | System Use Notification | | x | x | x |
| AC-9 | Previous Logon Notification | | | | |
| AC-9(1) | UNSUCCESSFUL LOGONS | | | | |
| AC-9(2) | SUCCESSFUL AND UNSUCCESSFUL LOGONS | | | | |
| AC-9(3) | NOTIFICATION OF ACCOUNT CHANGES | | | | |
TABLE 3-1: ACCESS CONTROL FAMILY (continued)

| CONTROL NUMBER | CONTROL NAME / CONTROL ENHANCEMENT NAME | PRIVACY CONTROL BASELINE | LOW | MOD | HIGH |
|---|---|---|---|---|---|
| AC-9(4) | ADDITIONAL LOGON INFORMATION | | | | |
| AC-10 | Concurrent Session Control | | | | x |
| AC-11 | Device Lock | | | x | x |
| AC-11(1) | PATTERN-HIDING DISPLAYS | | | x | x |
| AC-12 | Session Termination | | | x | x |
| AC-12(1) | USER-INITIATED LOGOUTS | | | | |
| AC-12(2) | TERMINATION MESSAGE | | | | |
| AC-12(3) | TIMEOUT WARNING MESSAGE | | | | |
| AC-13 | Supervision and Review -- Access Control | W: Incorporated into AC-2 and AU-6. | | | |
| AC-14 | Permitted Actions Without Identification or Authentication | | x | x | x |
| AC-14(1) | NECESSARY USES | W: Incorporated into AC-14. | | | |
| AC-15 | Automated Marking | W: Incorporated into MP-3. | | | |
| AC-16 | Security and Privacy Attributes | | | | |
| AC-16(1) | DYNAMIC ATTRIBUTE ASSOCIATION | | | | |
| AC-16(2) | ATTRIBUTE VALUE CHANGES BY AUTHORIZED INDIVIDUALS | | | | |
| AC-16(3) | MAINTENANCE OF ATTRIBUTE ASSOCIATIONS BY SYSTEM | | | | |
| AC-16(4) | ASSOCIATION OF ATTRIBUTES BY AUTHORIZED INDIVIDUALS | | | | |
| AC-16(5) | ATTRIBUTE DISPLAYS ON OBJECTS TO BE OUTPUT | | | | |
| AC-16(6) | MAINTENANCE OF ATTRIBUTE ASSOCIATION | | | | |
| AC-16(7) | CONSISTENT ATTRIBUTE INTERPRETATION | | | | |
| AC-16(8) | ASSOCIATION TECHNIQUES AND TECHNOLOGIES | | | | |
| AC-16(9) | ATTRIBUTE REASSIGNMENT -- REGRADING MECHANISMS | | | | |
| AC-16(10) | ATTRIBUTE CONFIGURATION BY AUTHORIZED INDIVIDUALS | | | | |
| AC-17 | Remote Access | | x | x | x |
| AC-17(1) | MONITORING AND CONTROL | | | x | x |
| AC-17(2) | PROTECTION OF CONFIDENTIALITY AND INTEGRITY USING ENCRYPTION | | | x | x |
| AC-17(3) | MANAGED ACCESS CONTROL POINTS | | | x | x |
| AC-17(4) | PRIVILEGED COMMANDS AND ACCESS | | | x | x |
| AC-17(5) | MONITORING FOR UNAUTHORIZED CONNECTIONS | W: Incorporated into SI-4. | | | |
| AC-17(6) | PROTECTION OF MECHANISM INFORMATION | | | | |
| AC-17(7) | ADDITIONAL PROTECTION FOR SECURITY FUNCTION ACCESS | W: Incorporated into AC-3(10). | | | |