14.6: Protect Information Through Access Control Lists
CSF v1.1 References:
PF v1.0 References:
Threats Addressed:
Next Version:
- Critical Security Controls Version 8:
- 3.3: Configure Data Access Control Lists
Control Statement
Protect all information stored on systems with file system, network share, claims, application, or database specific access control lists. These controls will enforce the principle that only authorized individuals should have access to the information based on their need to access the information as a part of their responsibilities.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]