| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
AC-2(11) |
FedRAMP_High_R4_AC-2(11) |
FedRAMP High AC-2 (11) |
Access Control |
Usage Conditions |
Shared |
n/a |
The information system enforces [Assignment: organization-defined circumstances and/or usage conditions] for [Assignment: organization-defined information system accounts].
Supplemental Guidance: Organizations can describe the specific conditions or circumstances under which information system accounts can be used, for example, by restricting usage to certain days of the week, time of day, or specific durations of time. |
link |
1 |
| hipaa |
0112.02d2Organizational.3-02.d |
hipaa-0112.02d2Organizational.3-02.d |
0112.02d2Organizational.3-02.d |
01 Information Protection Program |
0112.02d2Organizational.3-02.d 02.03 During Employment |
Shared |
n/a |
Acceptable usage is defined and usage is explicitly authorized. |
|
7 |
| NIST_SP_800-171_R2_3 |
.1.2 |
NIST_SP_800-171_R2_3.1.2 |
NIST SP 800-171 R2 3.1.2 |
Access Control |
Limit system access to the types of transactions and functions that authorized users are permitted to execute. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both. System account types include individual, shared, group, system, anonymous, guest, emergency, developer, manufacturer, vendor, and temporary. Other attributes required for authorizing access include restrictions on time-of-day, day-of-week, and point-of-origin. In defining other account attributes, organizations consider system-related requirements (e.g., system upgrades scheduled maintenance,) and mission or business requirements, (e.g., time zone differences, customer requirements, remote access to support travel requirements). |
link |
31 |
| NIST_SP_800-53_R4 |
AC-2(11) |
NIST_SP_800-53_R4_AC-2(11) |
NIST SP 800-53 Rev. 4 AC-2 (11) |
Access Control |
Usage Conditions |
Shared |
n/a |
The information system enforces [Assignment: organization-defined circumstances and/or usage conditions] for [Assignment: organization-defined information system accounts].
Supplemental Guidance: Organizations can describe the specific conditions or circumstances under which information system accounts can be used, for example, by restricting usage to certain days of the week, time of day, or specific durations of time. |
link |
1 |
| NIST_SP_800-53_R5 |
AC-2(11) |
NIST_SP_800-53_R5_AC-2(11) |
NIST SP 800-53 Rev. 5 AC-2 (11) |
Access Control |
Usage Conditions |
Shared |
n/a |
Enforce [Assignment: organization-defined circumstances and/or usage conditions] for [Assignment: organization-defined system accounts]. |
link |
1 |