AC — Access Control
65 controls in the Access Control family
AC-1Policy and Procedures
IL4 ModIL4 HighIL5IL6
AC-2Account Management
IL4 ModIL4 HighIL5IL6
AC-2(1)Account Management | Automated System Account Management
IL4 ModIL4 HighIL5IL6
AC-2(2)Account Management | Automated Temporary and Emergency Account Management
IL4 ModIL4 HighIL5IL6
AC-2(3)Account Management | Disable Accounts
IL4 ModIL4 HighIL5IL6
AC-2(4)Account Management | Automated Audit Actions
IL4 ModIL4 HighIL5IL6
AC-2(5)Account Management | Inactivity Logout
IL4 ModIL4 HighIL5IL6
AC-2(7)Account Management | Privileged User Accounts
IL4 ModIL4 HighIL5IL6
AC-2(9)Account Management | Restrictions on Use of Shared and Group Accounts
IL4 ModIL4 HighIL5IL6
AC-2(11)Account Management | Usage Conditions
IL4 HighIL5IL6
AC-2(12)Account Management | Account Monitoring for Atypical Usage
IL4 ModIL4 HighIL5IL6
AC-2(13)Account Management | Disable Accounts for High-risk Individuals
IL4 ModIL4 HighIL5IL6
AC-3Access Enforcement
IL4 ModIL4 HighIL5IL6
AC-3(2)Access Enforcement | Dual Authorization
IL6
AC-3(4)Access Enforcement | Discretionary Access Control
IL5IL6
AC-4Information Flow Enforcement
IL4 ModIL4 HighIL5IL6
AC-4(4)Information Flow Enforcement | Flow Control of Encrypted Information
IL4 HighIL5IL6
AC-4(21)Information Flow Enforcement | Physical or Logical Separation of Information Flows
IL4 ModIL4 HighIL5IL6
AC-5Separation of Duties
IL4 ModIL4 HighIL5IL6
AC-6Least Privilege
IL4 ModIL4 HighIL5IL6
AC-6(1)Least Privilege | Authorize Access to Security Functions
IL4 ModIL4 HighIL5IL6
AC-6(2)Least Privilege | Non-privileged Access for Nonsecurity Functions
IL4 ModIL4 HighIL5IL6
AC-6(3)Least Privilege | Network Access to Privileged Commands
IL4 HighIL5IL6
AC-6(5)Least Privilege | Privileged Accounts
IL4 ModIL4 HighIL5IL6
AC-6(7)Least Privilege | Review of User Privileges
IL4 ModIL4 HighIL5IL6
AC-6(8)Least Privilege | Privilege Levels for Code Execution
IL4 HighIL5IL6
AC-6(9)Least Privilege | Log Use of Privileged Functions
IL4 ModIL4 HighIL5IL6
AC-6(10)Least Privilege | Prohibit Non-privileged Users from Executing Privileged Functions
IL4 ModIL4 HighIL5IL6
AC-7Unsuccessful Logon Attempts
IL4 ModIL4 HighIL5IL6
AC-8System Use Notification
IL4 ModIL4 HighIL5IL6
AC-10Concurrent Session Control
IL4 HighIL5IL6
AC-11Device Lock
IL4 ModIL4 HighIL5IL6
AC-11(1)Device Lock | Pattern-hiding Displays
IL4 ModIL4 HighIL5IL6
AC-12Session Termination
IL4 ModIL4 HighIL5IL6
AC-12(1)Session Termination | User-initiated Logouts
IL5IL6
AC-12(2)Session Termination | Termination Message
IL5IL6
AC-14Permitted Actions Without Identification or Authentication
IL4 ModIL4 HighIL5IL6
AC-16Security and Privacy Attributes
IL5IL6
AC-16(5)Security and Privacy Attributes | Attribute Displays on Objects to Be Output
IL6
AC-16(6)Security and Privacy Attributes | Maintenance of Attribute Association
IL5IL6
AC-16(7)Security and Privacy Attributes | Consistent Attribute Interpretation
IL5IL6
AC-17Remote Access
IL4 ModIL4 HighIL5IL6
AC-17(1)Remote Access | Monitoring and Control
IL4 ModIL4 HighIL5IL6
AC-17(2)Remote Access | Protection of Confidentiality and Integrity Using Encryption
IL4 ModIL4 HighIL5IL6
AC-17(3)Remote Access | Managed Access Control Points
IL4 ModIL4 HighIL5IL6
AC-17(4)Remote Access | Privileged Commands and Access
IL4 ModIL4 HighIL5IL6
AC-17(6)Remote Access | Protection of Mechanism Information
IL5IL6
AC-17(9)Remote Access | Disconnect or Disable Access
IL5IL6
AC-17(10)Remote Access | Authenticate Remote Commands
IL5IL6
AC-18Wireless Access
IL4 ModIL4 HighIL5IL6
AC-18(1)Wireless Access | Authentication and Encryption
IL4 ModIL4 HighIL5IL6
AC-18(3)Wireless Access | Disable Wireless Networking
IL4 ModIL4 HighIL5IL6
AC-18(4)Wireless Access | Restrict Configurations by Users
IL4 HighIL5IL6
AC-18(5)Wireless Access | Antennas and Transmission Power Levels
IL4 HighIL5IL6
AC-19Access Control for Mobile Devices
IL4 ModIL4 HighIL5IL6
AC-19(4)Access Control for Mobile Devices | Restrictions for Classified Information
IL6
AC-19(5)Access Control for Mobile Devices | Full Device or Container-based Encryption
IL4 ModIL4 HighIL5IL6
AC-20Use of External Systems
IL4 ModIL4 HighIL5IL6
AC-20(1)Use of External Systems | Limits on Authorized Use
IL4 ModIL4 HighIL5IL6
AC-20(2)Use of External Systems | Portable Storage Devices -- Restricted Use
IL4 ModIL4 HighIL5IL6
AC-20(3)Use of External Systems | Non-organizationally Owned Systems -- Restricted Use
IL5IL6
AC-20(4)Use of External Systems | Network Accessible Storage Devices -- Prohibited Use
IL6
AC-21Information Sharing
IL4 ModIL4 HighIL5IL6
AC-22Publicly Accessible Content
IL4 ModIL4 HighIL5IL6
AC-23Data Mining Protection
IL5IL6