STIGhub
STIGs
RMF Controls
Compare
← All Controls
AC-1
Access Control
Rev 4
Policy and Procedures
CCI Identifiers (23)
CCI-000001
The organization develops an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
CCI-000002
Disseminate the organization-level; mission/business process-level; and/or system-level access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance to organization-defined personnel or roles.
CCI-000003
Review and update the current access control policy on an organization-defined frequency.
CCI-000004
The organization develops procedures to facilitate the implementation of the access control policy and associated access controls.
CCI-000005
Disseminate procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level access control policy and associated access controls to the organization-defined personnel or roles.
CCI-000006
Review and update the current access control procedures on an organization-defined frequency.
CCI-001545
Defines a frequency for reviewing and updating the access control policy.
CCI-001546
Defines a frequency for reviewing and updating the access control procedures.
CCI-002106
The organization documents the access control policy.
CCI-002107
Defines the personnel or roles to be recipients of the organization-level; mission/business process-level; and/or system-level access control policy necessary to facilitate the implementation of the access control policy and associated access controls.
CCI-002108
Defines the personnel or roles to be recipients of the procedures necessary to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level access control policy and associated access controls.
CCI-002109
The organization documents procedures to facilitate the implementation of the access control policy and associated access controls.
CCI-003601
Develop and document an organization-level; mission/business process-level; and/or system-level access control policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.
CCI-003602
Develop and document an organization-level; mission/business process-level; and/or system-level access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
CCI-003603
Disseminate the organization-level; mission/business process-level; and/or system-level access control policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines to organization-defined personnel or roles.
CCI-003604
Develop and document procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level access control policy and the associated access control.
CCI-003605
Designate an organization-defined official to manage the development and documentation of the access control policy and procedures.
CCI-003606
Designate an organization-defined official to manage the dissemination of the access control policy and procedures.
CCI-003607
Defines the official designated to manage the development, documentation, and dissemination of the access control policy and procedures.
CCI-003608
Review and update the current access control policy following organization-defined events.
CCI-003609
Defines the events following reviewing and updating the current access control policy.
CCI-003610
Review and update the current access control procedures following organization-defined events.
CCI-003611
Defines the events following reviewing and updating the current access control procedures.
Linked STIG Checks (0)
No STIG checks reference this control.