AC-6(1): Authorize Access to Security Functions

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

CSF v1.1 References:

Threats Addressed:

Elevation of Privilege

Baselines:

Moderate
High

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-6(1): Authorize Access To Security Functions

Control Statement

Authorize access for [Assignment: organization-defined individuals or roles] to:

[Assignment: organization-defined security functions (deployed in hardware, software, and firmware)]; and
[Assignment: organization-defined security-relevant information].

Supplemental Guidance

Security functions include establishing system accounts, configuring access authorizations (i.e., permissions, privileges), configuring settings for events to be audited, and establishing intrusion detection parameters. Security-relevant information includes filtering rules for routers or firewalls, configuration parameters for security services, cryptographic key management information, and access control lists. Authorized personnel include security administrators, system administrators, system security officers, system programmers, and other privileged users.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Critical Security Controls Version 8