Control(s)
Restrict access to data repositories containing [Assignment: organization-defined information types].
Additional Details (Discussion)
Restricting access to specific information is intended to provide flexibility regarding access control of specific information types within a system. For example, role-based access could be employed to allow access to only a specific type of personally identifiable information within a database rather than allowing access to the database in its entirety. Other examples include restricting access to cryptographic keys, authentication information, and selected system information.
Related Control(s)
- CM-8
- CM-12
- CM-13
- PM-5.