← Back to catalog
AC-6(6)

Privileged Access by Non-organizational Users

Access Control (AC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Prohibit privileged access to the system by non-organizational users.

Discussion

An organizational user is an employee or an individual considered by the organization to have the equivalent status of an employee. Organizational users include contractors, guest researchers, or individuals detailed from other organizations. A non-organizational user is a user who is not an organizational user. Policies and procedures for granting equivalent status of employees to individuals include a need-to-know, citizenship, and the relationship to the organization.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.