NIST 800-53_AC-3(3)

Lionfish Cyber Security | March 9th 2023 |

NIST 800-53

Access Control

AC-3(3)

Access Enforcement Mandatory Access Control

Enforce [Assignment: organization-defined mandatory access control policy] over the set of covered subjects and objects specified in the policy and where the policy:(a) Is uniformly enforced across the covered subjects and objects within the system; (b) Specifies that a subject that has been granted access to information is constrained from doing any of the following;(1) Passing the information to unauthorized subjects or objects;(2) Granting its privileges to other subjects; (3) Changing one or more security attributes (specified by the policy) on subjects objects the system or system components;(4) Choosing the security attributes and attribute values (specified by the policy) to be associated with newly created or modified objects; and(5) Changing the rules governing access control; and(c) Specifies that [Assignment: organization-defined subjects] may explicitly be granted [Assignment: organization-defined privileges] such that they are not limited by any defined subset (or all) of the above constraints.

 

Click here to Start your FREE trial today!

Explainer video

 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video