SC-3(2): Access / Flow Control Functions

Control Family:

System And Communications Protection

Parent Control:

SC-3: Security Function Isolation

Priority:

P1: Implement P1 security controls first.

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-3(2): Access and Flow Control Functions

Control Statement

The information system isolates security functions enforcing access and information flow control from nonsecurity functions and from other security functions.

Supplemental Guidance

Security function isolation occurs as a result of implementation; the functions can still be scanned and monitored. Security functions that are potentially isolated from access and flow control enforcement functions include, for example, auditing, intrusion detection, and anti-virus functions.