AC-01 Policy and Procedures
a. Develop, document, and disseminate to ac-1_prm_1:
1. ac-01_odp.03 access control policy that:
(a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
(b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
2. Procedures to facilitate the implementation of the access control policy and the associated access controls;
b. Designate an ac-01_odp.04 to manage the development, documentation, and dissemination of the access control policy and procedures; and
c. Review and update the current access control:
1. Policy ac-01_odp.05 and following ac-01_odp.06 ; and
2. Procedures ac-01_odp.07 and following ac-01_odp.08.
|ac-1_prm_1||organization-defined personnel or roles|
|ac-01_odp.01||personnel or roles|
|ac-01_odp.02||personnel or roles|
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
- SP 800-12 Nieles M, Pillitteri VY, Dempsey KL (2017) An Introduction to Information Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-12, Rev. 1.
- SP 800-30 Joint Task Force Transformation Initiative (2012) Guide for Conducting Risk Assessments. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-30, Rev. 1.
- SP 800-39 Joint Task Force Transformation Initiative (2011) Managing Information Security Risk: Organization, Mission, and Information System View. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-39.
- SP 800-100 Bowen P, Hash J, Wilson M (2006) Information Security Handbook: A Guide for Managers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-100, Includes updates as of March 7, 2007.
- IR 7874 Hu VC, Scarfone KA (2012) Guidelines for Access Control System Evaluation Metrics. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7874.
Related controls 5
- IA-01 Policy and Procedures L M H P
- PM-09 Risk Management Strategy L M H P
- PM-24 Data Integrity Board L M H P
- PS-08 Personnel Sanctions L M H P
- SI-12 Information Management and Retention L M H P