STIGhub
STIGs
RMF Controls
Compare
← All Controls
AC-16
Access Control
Rev 3
Security and Privacy Attributes
CCI Identifiers (38)
CCI-001396
The organization defines security attributes for which the information system supports and maintains the bindings for information in storage.
CCI-001397
The organization defines security attributes for which the information system supports and maintains the bindings for information in process.
CCI-001398
The organization defines security attributes for which the information system supports and maintains the bindings for information in transmission.
CCI-001399
The information system supports and maintains the binding of organization-defined security attributes to information in storage.
CCI-001400
The information system supports and maintains the binding of organization-defined security attributes to information in process.
CCI-001401
The information system supports and maintains the binding of organization-defined security attributes to information in transmission.
CCI-002256
Defines security attributes having organization-defined types of security attribute values which are associated with information in storage.
CCI-002257
Defines security attributes having organization-defined types of security attribute values which are associated with information in process.
CCI-002258
Defines security attributes, having organization-defined types of security attribute values, which are associated with information in transmission.
CCI-002259
Defines security attribute values associated with organization-defined types of security attributes for information in storage.
CCI-002260
Defines security attribute values associated with organization-defined types of security attributes for information in process.
CCI-002261
Defines security attribute values associated with organization-defined types of security attributes for information in transmission.
CCI-002262
Provide the means to associate organization-defined types of security attributes having organization-defined security attribute values with information in storage.
CCI-002263
Provide the means to associate organization-defined types of security attributes having organization-defined security attribute values with information in process.
CCI-002264
Provide the means to associate organization-defined types of security attributes having organization-defined security attribute values with information in transmission.
CCI-002265
Ensure that the attribute associations are made and retained with the information.
CCI-002266
Ensure that the security attribute associations are retained with the information.
CCI-002267
Defines the security attributes that are permitted for organization-defined systems.
CCI-002268
Defines the systems for which permitted organization-defined attributes are to be established.
CCI-002269
Establish the following permitted organization-defined security attributes in AC-16a for organization-defined systems.
CCI-002270
Defines the attribute values or ranges permitted for each of the established security attributes.
CCI-002271
Determine organization-defined attribute values or ranges for each of the established attributes.
CCI-003696
Defines privacy attributes having organization-defined types of privacy attribute values which are associated with information in storage.
CCI-003697
Defines privacy attributes having organization-defined types of privacy attribute values which are associated with information in process.
CCI-003698
Defines privacy attributes, having organization-defined types of privacy attribute values, which are associated with information in transmission.
CCI-003699
Defines privacy attribute values associated with organization-defined types of privacy attributes for information in storage.
CCI-003700
Defines privacy attribute values associated with organization-defined types of privacy attributes for information in process.
CCI-003701
Defines privacy attribute values associated with organization-defined types of privacy attributes for information in transmission.
CCI-003702
Ensure that the privacy attribute associations are made with the information.
CCI-003703
Ensure that the privacy attribute associations are restrained with the information.
CCI-003704
Establish the following permitted organization-defined privacy attributes defined in AC-16a for organization-defined systems.
CCI-003705
Defines the privacy attributes that are permitted for organization-defined systems.
CCI-003706
Defines the attribute values or ranges permitted for each of the established privacy attributes.
CCI-003707
Audit changes to the attributes.
CCI-003708
Review organization-defined security attributes for applicability on an organization-defined frequency.
CCI-003709
Review organization-defined privacy attributes for applicability on an organization-defined frequency.
CCI-003710
Defines the security and privacy attributes to be reviewed for applicability.
CCI-003711
Defines the frequency of which the security and privacy attributes will be reviewed.
Linked STIG Checks (68)
Across 33 STIGs. Click to expand.
▶
Apache Server 2.4 UNIX Site Security Technical Implementation Guide
1 check
▶
Application Security and Development Security Technical Implementation Guide
3 checks
▶
Application Server Security Requirements Guide
2 checks
▶
CA IDMS Security Technical Implementation Guide
1 check
▶
Cisco ISE NDM Security Technical Implementation Guide
1 check
▶
Crunchy Data Postgres 16 Security Technical Implementation Guide
3 checks
▶
Crunchy Data PostgreSQL Security Technical Implementation Guide
3 checks
▶
Database Security Requirements Guide
3 checks
▶
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
2 checks
▶
EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide
3 checks
▶
EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide
3 checks
▶
EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
3 checks
▶
IBM DB2 V10.5 LUW Security Technical Implementation Guide
2 checks
▶
IBM z/OS RACF Security Technical Implementation Guide
1 check
▶
IBM z/OS TSS Security Technical Implementation Guide
1 check
▶
IBM zVM Using CA VM:Secure Security Technical Implementation Guide
3 checks
▶
Kubernetes Security Technical Implementation Guide
5 checks
▶
Mainframe Product Security Requirements Guide
2 checks
▶
MariaDB Enterprise 10.x Security Technical Implementation Guide
3 checks
▶
MarkLogic Server v9 Security Technical Implementation Guide
2 checks
▶
Microsoft Azure SQL Database Security Technical Implementation Guide
3 checks
▶
Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
1 check
▶
Microsoft SQL Server 2022 Database Security Technical Implementation Guide
1 check
▶
MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide
1 check
▶
MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide
1 check
▶
MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
1 check
▶
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
1 check
▶
MS SQL Server 2014 Database Security Technical Implementation Guide
3 checks
▶
MS SQL Server 2016 Database Security Technical Implementation Guide
1 check
▶
Oracle Database 19c Security Technical Implementation Guide
1 check
▶
Oracle MySQL 8.0 Security Technical Implementation Guide
3 checks
▶
PostgreSQL 9.x Security Technical Implementation Guide
3 checks
▶
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
1 check