The Access Control (AC) objective is based on the policies and procedures in place at a 3PAO to limit access to resources within the environment to appropriate individuals. Below is a list of the activities that must be implemented to address and mitigate access-control-related risks.
- Access Control Policy and Procedures
- Account Management
- Access Enforcement
- Information Flow Enforcement
- Separation of Duties
- Least Privilege
- Unsuccessful Login Attempts
- System Use Notification
- Concurrent Session Control
- Session Lock
- Permitted Actions Without Identification/Authentication
- Security Attributes
- Remote Access
- Wireless Access
- Access Control for Mobile Devices
- Use of External Information Systems
- Publicly Accessible Content