
AC-3(5) Access Enforcement

Technical

>Control Description

ACCESS ENFORCEMENT | SECURITY-RELEVANT INFORMATION

The information system prevents access to organization-defined security-relevant information except during secure, non-operable system states.

>Supplemental Guidance

Security-relevant information is any information within information systems that can potentially impact the operation of security functions or the provision of security services in a manner that could result in failure to enforce system security policies or maintain the isolation of code and data. Security-relevant information includes, for example, filtering rules for routers/firewalls, cryptographic key management information, configuration parameters for security services, and access control lists. Secure, non-operable system states include the times in which information systems are not performing mission/business-related processing (e.g., the system is off-line for maintenance, troubleshooting, boot-up, shut down).

Related control: CM-3.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability, typically found in Type 1 devices or guards, that is not required for all systems. Consequently, inclusion in a departmental profile is decided on a case-by-case basis.
