AC-3(12): Assert and Enforce Application Access

Control Family:

Access Control

Parent Control:

AC-3: Access Enforcement

CSF v1.1 References:

PR.AC-4
PR.PT-3

Threats Addressed:

Elevation of Privilege
Lateral Movement

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Require applications to assert, as part of the installation process, the access needed to the following system applications and functions: [Assignment: organization-defined system applications and functions];
Provide an enforcement mechanism to prevent unauthorized access; and
Approve access changes after initial installation of the application.

Supplemental Guidance

Asserting and enforcing application access is intended to address applications that need to access existing system applications and functions, including user contacts, global positioning systems, cameras, keyboards, microphones, networks, phones, or other files.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5