>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC-24(2)Access Control Decisions

Technical

>Control Description

ACCESS CONTROL DECISIONS | NO USER OR PROCESS IDENTITY The information system enforces access control decisions based on organization-defined security attributes that do not include the identity of the user or process acting on behalf of the user.

>Supplemental Guidance

In certain situations, it is important that access control decisions can be made without information regarding the identity of the users issuing the requests. These are generally instances where preserving individual privacy is of paramount importance. In other situations, user identification information is simply not needed for access control decisions and, especially in the case of distributed information systems, transmitting such information with the needed degree of assurance may be very expensive or difficult to accomplish.

Ask AI

Configure your API key to use AI features.