AC-16-727 Security Attributes

Security Attributes

AC-16-727
Security Attributes
Access Control
NOT SELECTED
P0
No
When security attributes are not bound to data/information, enforcement of information security policies for access control and information flow control, either through organizational processes or information system functions or mechanisms is difficult.
The organization: a. Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; b. Ensures that the security attribute associations are made and retained with the information; c. Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and d. Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.
NA
No statewide control