AC-25-727 Reference Monitor

Reference Monitor

AC-25-727
Reference Monitor
Access Control
NOT SELECTED
P0
No
The access controls of subjects with certain privileges (i.e., access permissions) are not restricted from being passed to any other subjects, either directly or indirectly.
The information system implements a reference monitor for [Assignment: organization-defined access control policies] that is tamperproof, always invoked, and small enough to be subject to analysis and testing, the completeness of which can be assured.
NA
No statewide control