Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
OSCAL
OSCAL Profiles
FedRAMP Rev 5 Moderate Baseline
AC
AC: Access Control
An OSCAL Group
Details
Subcontrols
43
AC-1 - Policy and Procedures
AC-2 - Account Management
9 Subcontrols
AC-2.1 - Automated System Account Management
AC-2.2 - Automated Temporary and Emergency Account Management
AC-2.3 - Disable Accounts
AC-2.4 - Automated Audit Actions
AC-2.5 - Inactivity Logout
AC-2.7 - Privileged User Accounts
AC-2.9 - Restrictions on Use of Shared and Group Accounts
AC-2.12 - Account Monitoring for Atypical Usage
AC-2.13 - Disable Accounts for High-risk Individuals
AC-3 - Access Enforcement
AC-4 - Information Flow Enforcement
1 Subcontrol
AC-4.21 - Physical or Logical Separation of Information Flows
AC-5 - Separation of Duties
AC-6 - Least Privilege
6 Subcontrols
AC-6.1 - Authorize Access to Security Functions
AC-6.2 - Non-privileged Access for Nonsecurity Functions
AC-6.5 - Privileged Accounts
AC-6.7 - Review of User Privileges
AC-6.9 - Log Use of Privileged Functions
AC-6.10 - Prohibit Non-privileged Users from Executing Privileged Functions
AC-7 - Unsuccessful Logon Attempts
AC-8 - System Use Notification
AC-11 - Device Lock
1 Subcontrol
AC-11.1 - Pattern-hiding Displays
AC-12 - Session Termination
AC-14 - Permitted Actions Without Identification or Authentication
AC-17 - Remote Access
4 Subcontrols
AC-17.1 - Monitoring and Control
AC-17.2 - Protection of Confidentiality and Integrity Using Encryption
AC-17.3 - Managed Access Control Points
AC-17.4 - Privileged Commands and Access
AC-18 - Wireless Access
2 Subcontrols
AC-18.1 - Authentication and Encryption
AC-18.3 - Disable Wireless Networking
AC-19 - Access Control for Mobile Devices
1 Subcontrol
AC-19.5 - Full Device or Container-based Encryption
AC-20 - Use of External Systems
2 Subcontrols
AC-20.1 - Limits on Authorized Use
AC-20.2 - Portable Storage Devices — Restricted Use
AC-21 - Information Sharing
AC-22 - Publicly Accessible Content