AC-16(2): Attribute Value Changes by Authorized Individuals

Control Family:

Access Control

Parent Control:

AC-16: Security and Privacy Attributes

CSF v1.1 References:

PR.AC-4
PR.AC-6

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-16(2): Attribute Value Changes By Authorized Individuals

Control Statement

Provide authorized individuals (or processes acting on behalf of individuals) the capability to define or change the value of associated security and privacy attributes.

Supplemental Guidance

The content or assigned values of attributes can directly affect the ability of individuals to access organizational information. Therefore, it is important for systems to be able to limit the ability to create or modify attributes to authorized individuals.