AC-21—User-Based Collaboration And Information Sharing

PBMM (P2)

Secret (P2)

Technical

>Control Description

(A) The organization facilitates information sharing by enabling authorized users to determine if access authorizations assigned to the sharing partner match the access restrictions on the information for ⚙organization-defined information sharing circumstances where user discretion is required; and (B) The organization employs ⚙organization-defined automated mechanisms or manual processes to assist users in making information sharing/collaboration decisions.

>Supplemental Guidance

This control applies to information that may be restricted in some manner (e.g., privileged medical information, contract-sensitive information, proprietary information, personally identifiable information, classified information related to special access programs or compartments) based on some formal or administrative determination. Depending on the particular information-sharing circumstances, sharing partners may be defined at the individual, group, or organizational level. Information may be defined by content, type, security category, or special access program/compartment.

Related control: AC-3

>Tailoring Guidance

Security control (AC-21) aims to ensure that collaboration and information sharing by authorized users with sharing partners is performed in manner consistent with organizational policies.

Ask AI

Configure your API key to use AI features.