AC-3(11)

  • Requirement

    Restrict access to data repositories containing [Assignment: organization-defined information types].

  • Discussion

    Restricting access to specific information is intended to provide flexibility regarding access control of specific information types within a system. For example, role-based access could be employed to allow access to only a specific type of personally identifiable information within a database rather than allowing access to the database in its entirety. Other examples include restricting access to cryptographic keys, authentication information, and selected system information.

More Info

  • Title

    Access Enforcement | Restrict Access to Specific Information Types
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      CM-8;CM-12;CM-13;PM-5

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!