Detections
Analytics
800-53|AC-24(1)
Title
TRANSMIT ACCESS AUTHORIZATION INFORMATIONDescription
The information system transmits [Assignment: organization-defined access authorization information] using [Assignment: organization-defined security safeguards] to [Assignment: organization-defined information systems] that enforce access control decisions.Supplemental
In distributed information systems, authorization processes and access control decisions may occur in separate parts of the systems. In such instances, authorization information is transmitted securely so timely access control decisions can be enforced at the appropriate locations. To support the access control decisions, it may be necessary to transmit as part of the access authorization information, supporting security attributes. This is due to the fact that in distributed information systems, there are various access control decisions that need to be made and different entities (e.g., services) make these decisions in a serial fashion, each requiring some security attributes to make the decisions. Protecting access authorization information (i.e., access control decisions) ensures that such information cannot be altered, spoofed, or otherwise compromised during transmission.Reference Item Details
Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations
Category: ACCESS CONTROL
Parent Title: ACCESS CONTROL DECISIONS
Family: ACCESS CONTROL
Audit Items
View all Reference Audit Items