← Back to catalog
AC-3(11)

Restrict Access to Specific Information Types

Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Restrict access to data repositories containing [assignment].

Discussion

Restricting access to specific information is intended to provide flexibility regarding access control of specific information types within a system. For example, role-based access could be employed to allow access to only a specific type of personally identifiable information within a database rather than allowing access to the database in its entirety. Other examples include restricting access to cryptographic keys, authentication information, and selected system information.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.