AC-4(11)

Requirement

Provide the capability for privileged administrators to configure [Assignment: organization-defined security or privacy policy filters] to support different security or privacy policies.

Discussion

Documentation contains detailed information for configuring security or privacy policy filters. For example, administrators can configure security or privacy policy filters to include the list of inappropriate words that security or privacy policy mechanisms check in accordance with the definitions provided by organizations.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Access control policy; information flow control policies; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; list of security policy filters; list of privacy policy filters; system audit records; system security plan; privacy plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with responsibilities for configuring security and privacy policy filters; system/network administrators; organizational personnel with information security and privacy responsibilities; system developers].

Test

[SELECT FROM: Mechanisms implementing information flow enforcement policy; security and privacy policy filters].

ID	Assessment Objectives
AC-04(11)[01]	capability is provided for privileged administrators to configure <AC-04(11)_ODP[01] security policy filters> to support different security or privacy policies;
AC-04(11)[02]	capability is provided for privileged administrators to configure <AC-04(11)_ODP[02] privacy policy filters> to support different security or privacy policies.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!