(a) Enforce [Assignment: organization-defined mandatory access control policy] over the set of covered subjects and objects specified in the policy; and
(b) Enforce [Assignment: organization-defined discretionary access control policy] over the set of covered subjects and objects specified in the policy. |
| Control Identifier | AC-3(15) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Simultaneously implementing a mandatory access control policy and a discretionary access control policy can provide additional protection against the unauthorized execution of code by users or processes acting on behalf of users. This helps prevent a single compromised user or process from compromising the entire system. |
| Related Controls | SC-2, SC-3, AC-4. |