Access Control

The Access Control (AC) objective covers the policies and procedures in place at a 3PAO to limit access to resources within the environment to appropriate individuals. The activities listed below must be implemented to address and mitigate access-control-related risks.

  • Access Control Policy and Procedures
  • Account Management
  • Access Enforcement
  • Information Flow Enforcement
  • Separation of Duties
  • Least Privilege
  • Unsuccessful Login Attempts
  • System Use Notification
  • Concurrent Session Control
  • Session Lock
  • Permitted Actions Without Identification/Authentication
  • Security Attributes
  • Remote Access
  • Wireless Access
  • Access Control for Mobile Devices
  • Use of External Information Systems
  • Publicly Accessible Content



Category: Control Objectives
