AC-16(04) Association of Attributes by Authorized Individuals
Provide the capability to associate ac-16.4_prm_1 with ac-16.4_prm_2 by authorized individuals (or processes acting on behalf of individuals).
Parameter ID | Definition |
---|---|
ac-16.4_prm_1 | organization-defined security and privacy attributes |
ac-16.4_prm_2 | organization-defined subjects and objects |
ac-16.04_odp.01 | security attributes |
ac-16.04_odp.02 | security attributes |
ac-16.04_odp.03 | privacy attributes |
ac-16.04_odp.04 | privacy attributes |
ac-16.04_odp.05 | subjects |
ac-16.04_odp.06 | objects |
ac-16.04_odp.07 | subjects |
ac-16.04_odp.08 | objects |
Baselines
- L
- M
- H
- P
Guidance
Systems, in general, provide the capability for privileged users to assign security and privacy attributes to system-defined subjects (e.g., users) and objects (e.g., directories, files, and ports). Some systems provide additional capability for general users to assign security and privacy attributes to additional objects (e.g., files, emails). The association of attributes by authorized individuals is described in the design documentation. The support provided by systems can include prompting users to select security and privacy attributes to be associated with information objects, employing automated mechanisms to categorize information with attributes based on defined policies, or ensuring that the combination of the security or privacy attributes selected is valid. Organizations consider the creation, deletion, or modification of attributes when defining auditable events.
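The following sketch is an added example, not part of the control text. It shows one way a system could implement the mechanisms the guidance names: restricting attribute association to authorized individuals or processes, rejecting invalid attribute combinations, and recording creation, modification, and deletion as auditable events. The actor names, attribute names, allowed values, and object path are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed policy data (assumptions for this example, not from the control text).
AUTHORIZED = {"alice": {"classification", "pii"}, "labeler-svc": {"classification"}}
ALLOWED_VALUES = {"classification": {"public", "internal", "restricted"},
                  "pii": {"none", "contains-pii"}}
INVALID_COMBOS = [{"classification": "public", "pii": "contains-pii"}]


class AttributeStore:
    def __init__(self):
        self.attrs = {}  # object id -> {attribute name: value}
        self.audit = []  # one record per attempted create/modify/delete

    def associate(self, actor, obj, attr, value):
        """Bind attr=value to obj for actor; value=None removes the attribute."""
        current = self.attrs.get(obj, {})
        old = current.get(attr)
        action = "delete" if value is None else ("create" if old is None else "modify")
        proposed = {k: v for k, v in current.items() if k != attr}
        if value is not None:
            proposed[attr] = value
        if attr not in AUTHORIZED.get(actor, set()):
            outcome = "denied:not-authorized"
        elif value is not None and value not in ALLOWED_VALUES.get(attr, set()):
            outcome = "denied:invalid-value"
        elif any(all(proposed.get(k) == v for k, v in combo.items())
                 for combo in INVALID_COMBOS):
            outcome = "denied:invalid-combination"
        else:
            outcome = "success"
            self.attrs[obj] = proposed
        # Denied attempts are logged too, so reviewers see failed changes.
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "actor": actor, "object": obj, "action": action,
                           "attribute": attr, "old": old, "new": value,
                           "outcome": outcome})
        return outcome == "success"


def demo():
    store = AttributeStore()
    store.associate("alice", "file:/hr/payroll.csv", "pii", "contains-pii")
    store.associate("alice", "file:/hr/payroll.csv", "classification", "public")
    store.associate("alice", "file:/hr/payroll.csv", "classification", "restricted")
    store.associate("labeler-svc", "file:/hr/payroll.csv", "pii", "none")
    return store


if __name__ == "__main__":
    for record in demo().audit:
        print(record["actor"], record["action"], record["attribute"], record["outcome"])
```

In a real system the audit records would go to a log store that the actors making the changes cannot modify.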