Security Requirements for 03.01.02 Access Enforcement

Access control policies control access between active entities or subjects (i.e., users or system processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems. Types of system access include remote access and access to systems that communicate through external networks, such as the internet. Access enforcement mechanisms can also be employed at the application and service levels to provide increased protection for CUI. This recognizes that the system can host many applications and services in support of mission and business functions. Access control policies are defined in 03.15.01.

View CPRT 03.01.02
  1. 03.01.02

    Enforce approved authorizations for logical access to CUI and system resources in accordance with applicable access control policies.