NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
AC-1
AC-2
AC-2(1)
AC-2(2)
AC-2(3)
AC-2(4)
AC-2(5)
AC-2(6)
AC-2(7)
AC-2(8)
AC-2(9)
AC-2(11)
AC-2(12)
AC-2(13)
AC-3
AC-14(1)
AC-3(2)
AC-3(3)
AC-3(4)
AC-3(5)
AC-15
AC-3(7)
AC-3(8)
AC-3(9)
AC-3(10)
AC-3(11)
AC-3(12)
AC-3(13)
AC-3(14)
AC-3(15)
AC-4
AC-4(1)
AC-4(2)
AC-4(3)
AC-4(4)
AC-4(5)
AC-4(6)
AC-4(7)
AC-4(8)
AC-4(9)
AC-4(10)
AC-4(11)
AC-4(12)
AC-4(13)
AC-4(14)
AC-4(15)
AC-17(5)
AC-4(17)
AC-17(7)
AC-4(19)
AC-4(20)
AC-4(21)
AC-4(22)
AC-4(23)
AC-4(24)
AC-4(25)
AC-4(26)
AC-4(27)
AC-4(28)
AC-4(29)
AC-4(30)
AC-4(31)
AC-4(32)
AC-5
AC-6
AC-6(1)
AC-6(2)
AC-6(3)
AC-6(4)
AC-6(5)
AC-6(6)
AC-6(7)
AC-6(8)
AC-6(9)
AC-6(10)
AC-7
AC-17(8)
AC-7(2)
AC-7(3)
AC-7(4)
AC-8
AC-9
AC-9(1)
AC-9(2)
AC-9(3)
AC-9(4)
AC-10
AC-11
AC-11(1)
AC-12
AC-12(1)
AC-12(2)
AC-12(3)
AC-13
AC-14
AC-19(1)
AC-19(2)
AC-16
AC-16(1)
AC-16(2)
AC-16(3)
AC-16(4)
AC-16(5)
AC-16(6)
AC-16(7)
AC-16(8)
AC-16(9)
AC-16(10)
AC-17
AC-17(1)
AC-17(2)
AC-17(3)
AC-17(4)
AC-17(6)
AC-18(2)
AC-19(3)
AC-2(10)
AC-3(1)
AC-17(9)
AC-17(10)
AC-18
AC-18(1)
AC-3(6)
AC-18(3)
AC-18(4)
AC-18(5)
AC-19
AC-4(16)
AC-4(18)
AC-7(1)
AC-19(4)
AC-19(5)
AC-20
AC-20(1)
AC-20(2)
AC-20(3)
AC-20(4)
AC-20(5)
AC-21
AC-21(1)
AC-21(2)
AC-22
AC-23
AC-24
AC-24(1)
AC-24(2)
AC-25

AC-3(15): Access Enforcement | Discretionary and Mandatory Access Control

Control Text:

(a) Enforce [Assignment: organization-defined mandatory access control policy] over the set of covered subjects and objects specified in the policy; and (b) Enforce [Assignment: organization-defined discretionary access control policy] over the set of covered subjects and objects specified in the policy.

Simultaneously implementing a mandatory access control policy and a discretionary access control policy can provide additional protection against the unauthorized execution of code by users or processes acting on behalf of users. This helps prevent a single compromised user or process from compromising the entire system.

Related Controls