AC-16(10)
-
Requirement
Provide authorized individuals the capability to define or change the type and value of security and privacy attributes available for association with subjects and objects.
-
Discussion
The content or assigned values of security and privacy attributes can directly affect the ability of individuals to access organizational information. Thus, it is important for systems to be able to limit the ability to create or modify the type and value of attributes available for association with subjects and objects to authorized individuals only.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!