AC-21: User Based Collaboration and Information Sharing

home || catalog: SP800-53rev3 / class: Technical / family: (AC) Access Control ||

AC-01
AC-02
AC-03
AC-04
AC-05
AC-06
AC-07
AC-08
AC-09
AC-10
AC-11
AC-12
AC-13
AC-14
AC-15
AC-16
AC-17
AC-18
AC-19
AC-20
AC-21 *
AC-22

AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA
SC
SI
MMMMM

AC-21: User Based Collaboration and Information Sharing

base control objective:
The organization:
a. Facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and
b. Employs [Assignment: list of organization-defined information sharing circumstances and automated mechanisms or manual processes required] to assist users in making information sharing/collaboration decisions.

supplemental objective information:
The control applies to information that may be restricted in some manner (e.g., privileged medical, contract-sensitive, proprietary, personally identifiable information, special access programs/compartments) based on some formal or administrative determination. Depending on the information-sharing circumstance, the sharing partner may be defined at the individual, group, or organization level, and information may be defined by specific content, type, or security categorization.

enhancements to the base objective:

(1) The information system employs automated mechanisms to enable authorized users to make information-sharing decisions based on access authorizations of sharing partners and access restrictions on information to be shared.

mapping to FIPS199 baseline:

LOW: null

MOD: null

HIGH: null

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for AC-21:

None.

Document	Date	Status	Title
Search SP800-53rev3 catalog: