home || catalog: SP800-53rev3 / class: Technical / family: (AC) Access Control ||
search controls:
search nistpubs:

AC

AC-01
AC-02
AC-03
AC-04
AC-05
AC-06
AC-07
AC-08
AC-09
AC-10
AC-11
AC-12
AC-13
AC-14 *
AC-15
AC-16
AC-17
AC-18
AC-19
AC-20
AC-21
AC-22

AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA
SC
SI
MMMMM

  AC-14: Permitted Actions without Identification or Authentication  

base control objective:
The organization:
a. Identifies specific user actions that can be performed on the information system without identification or authentication; and
b. Documents and provides supporting rationale in the security plan for the information system, user actions not requiring identification and authentication.

supplemental objective information:
This control is intended for those specific instances where an organization determines that no identification and authentication is required; it is not, however, mandating that such instances exist in given information system. The organization may allow a limited number of user actions without identification and authentication (e.g., when individuals access public websites or other publicly accessible federal information systems such as http://www.usa.gov). Organizations should also identify any actions that normally require identification or authentication but may under certain circumstances (e.g., emergencies), allow identification or authentication mechanisms to be bypassed. Such bypass may be, for example, via a software-readable physical switch that commands bypass of the login functionality and is protected from accidental or unmonitored use. This control does not apply to situations where identification and authentication have already occurred and are not being repeated, but rather to situations where identification and/or authentication have not yet occurred.

enhancements to the base objective:

(1) The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission/business objectives.

mapping to FIPS199 baseline:

  LOW: base     MOD: base (1)     HIGH: base (1)  

related (regimented) controls:

CP-02   Contingency Plan
IA-02   User Identification and Authentication (Organizational Users)

documents referenced in SP800-53rev3 for AC-14:

None.

Document Date Status Title

Search SP800-53rev3 catalog: