Restrict access to data repositories containing [Assignment: organization-defined information types].
|
|
| Control Identifier | AC-3(11) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Restricting access to specific information is intended to provide flexibility regarding access control of specific information types within a system. For example, role-based access could be employed to allow access to only a specific type of personally identifiable information within a database rather than allowing access to the database in its entirety. Other examples include restricting access to cryptographic keys, authentication information, and selected system information. |
| Related Controls | CM-8, CM-12, CM-13, PM-5. |