RA-5(5): Privileged Access

Control Family:

Risk Assessment

Parent Control:

RA-5: Vulnerability Monitoring and Scanning

CSF v1.1 References:

ID.RA-1
PR.IP-12
DE.AE-2
DE.CM-8
DE.DP-4
DE.DP-5
RS.AN-1
RS.MI-3

Baselines:

Moderate
High

Previous Version:

NIST Special Publication 800-53 Revision 4:
RA-5(5): Privileged Access

Control Statement

Implement privileged access authorization to [Assignment: organization-defined system components] for [Assignment: organization-defined vulnerability scanning activities].

Supplemental Guidance

In certain situations, the nature of the vulnerability scanning may be more intrusive, or the system component that is the subject of the scanning may contain classified or controlled unclassified information, such as personally identifiable information. Privileged access authorization to selected system components facilitates more thorough vulnerability scanning and protects the sensitive nature of such scanning.

Control Statement

Supplemental Guidance

Related Controls

Critical Security Controls Version 7.1