3.3: Configure Data Access Control Lists

CSF v1.1 References:

PR.AC-4

PF v1.0 References:

PR.AC-P4

Threats Addressed:

Tampering
Information Disclosure

Group:

Previous Version:

Critical Security Controls Version 7.1:
14.6: Protect Information Through Access Control Lists

Control Statement

Configure data access control lists based on a user’s need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-171 Revision 2

NIST Special Publication 800-53 Revision 4