AC-16(9): Attribute Reassignment

Control Family:

Access Control

Parent Control:

AC-16: Security Attributes

Priority:

P0: Security control not selected in any baseline.

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-16(9): Attribute Reassignment – Regrading Mechanisms

Control Statement

The organization ensures that security attributes associated with information are reassigned only via re-grading mechanisms validated using [Assignment: organization-defined techniques or procedures].

Supplemental Guidance

Validated re-grading mechanisms are employed by organizations to provide the requisite levels of assurance for security attribute reassignment activities. The validation is facilitated by ensuring that re-grading mechanisms are single purpose and of limited function. Since security attribute reassignments can affect security policy enforcement actions (e.g., access/flow enforcement decisions), using trustworthy re-grading mechanisms is necessary to ensure that such mechanisms perform in a consistent/correct mode of operation.