
AC-24 Access Control Decisions

Technical

Control Description

(A) The organization establishes procedures to ensure organization-defined access control decisions are applied to each access request prior to access enforcement.

Supplemental Guidance

Access control decisions (also known as authorization decisions) occur when authorization information is applied to specific accesses. In contrast, access enforcement occurs when information systems enforce access control decisions. While it is very common to have access control decisions and access enforcement implemented by the same entity, it is not required and it is not always an optimal implementation choice.

For some architectures and distributed information systems, different entities may perform access control decisions and access enforcement.
