← Back to catalog
AC-4(9)
Human Reviews
Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Enforce the use of human reviews for [assignment] under the following conditions: [assignment].
Discussion
Organizations define security or privacy policy filters for all situations where automated flow control decisions are possible. When a fully automated flow control decision is not possible, then a human review may be employed in lieu of or as a complement to automated security or privacy policy filtering. Human reviews may also be employed as deemed necessary by organizations.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.