AC-21: User-Based Collaboration and Information Sharing
base control objective:
The organization:
a. Facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and
b. Employs [Assignment: list of organization-defined information sharing circumstances and automated mechanisms or manual processes required] to assist users in making information sharing/collaboration decisions.
supplemental objective information:
The control applies to information that may be restricted in some manner (e.g., privileged medical, contract-sensitive, proprietary, personally identifiable information, special access programs/compartments) based on some formal or administrative determination. Depending on the information-sharing circumstance, the sharing partner may be defined at the individual, group, or organization level, and information may be defined by specific content, type, or security categorization.
enhancements to the base objective:
(1) The information system employs automated mechanisms to enable authorized users to make information-sharing decisions based on access authorizations of sharing partners and access restrictions on information to be shared.
mapping to FIPS199 baseline:
LOW: null
MOD: null
HIGH: null
related (regimented) controls:
documents referenced in SP800-53rev3 for AC-21:
Document | Date | Status | Title
None.