← Back to catalog
AC-4(9)

Human Reviews

Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Enforce the use of human reviews for [assignment] under the following conditions: [assignment].

Discussion

Organizations define security or privacy policy filters for all situations where automated flow control decisions are possible. When a fully automated flow control decision is not possible, then a human review may be employed in lieu of or as a complement to automated security or privacy policy filtering. Human reviews may also be employed as deemed necessary by organizations.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.