← Back to catalog
AC-3(11)
Restrict Access to Specific Information Types
Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Restrict access to data repositories containing [assignment].
Discussion
Restricting access to specific information is intended to provide flexibility regarding access control of specific information types within a system. For example, role-based access could be employed to allow access to only a specific type of personally identifiable information within a database rather than allowing access to the database in its entirety. Other examples include restricting access to cryptographic keys, authentication information, and selected system information.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.