AC-3: Access Enforcement
Generated
2019-04-12 13:01:48.067729
Status
Statements
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
STIG
STIG # | Description | Result |
---|---|---|
V-72859 | PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | failed |
V-72883 | PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects. | failed |
Additional Guidance
Access control policies (e.g., identity-based policies, role-based policies, control matrices, cryptography) control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (e.g., devices, files, records, domains) in information systems. In addition to enforcing authorized access at the information system level and recognizing that information systems can host many applications and services in support of organizational missions and business operations, access enforcement mechanisms can also be employed at the application and service level to provide increased information security.
Related Controls
- AC-2
- AC-4
- AC-5
- AC-6
- AC-16
- AC-17
- AC-18
- AC-19
- AC-20
- AC-21
- AC-22
- AU-9
- CM-5
- CM-6
- CM-11
- MA-3
- MA-4
- MA-5
- PE-3