Security and Privacy Controls for Information Systems and Organizations

ACCESS CONTROL

The ACCESS CONTROL Playbook addresses the following areas:

  • Policy and Procedures
  • Account Management
  • Access Enforcement
  • Information Flow Enforcement
  • Separation of Duties
  • Least Privilege
  • Unsuccessful Logon Attempts
  • System Use Notification
  • Previous Logon Notification
  • Concurrent Session Control
  • Device Lock
  • Session Termination
  • Supervision and Review-Access Control
  • Permitted Actions without Identification or Authentication
  • Automated Marking
  • Security and Privacy Attributes
  • Remote Access
  • Wireless Access
  • Access Control for Mobile Devices
  • Use of External Systems
  • Information Sharing
  • Data Mining Protection
  • Access Control Decisions
  • Reference Monitor

The ACCESS CONTROL Playbook is included in the Security and Privacy Controls for Information Systems and Organizations (NIST 800-53) Library, which has been developed by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). It establishes controls for systems and organizations. The controls can be implemented within any organization or system that processes, stores, or transmits information.
