manage.get.gov/docs/compliance/dist/system-security-plans/ato/ac-6.1.md

implementation-status	control-origination
c-not-implemented	c-inherited-cloud-gov c-inherited-cisa c-common-control c-system-specific-control

ac-6.1 - [catalog] Authorize Access to Security Functions

Control Statement

Authorize access for individuals and roles to:

• [a] organization-defined security functions (deployed in hardware, software, and firmware) ; and

• [b] security-relevant information.

Control guidance

Security functions include establishing system accounts, configuring access authorizations (i.e., permissions, privileges), configuring settings for events to be audited, and establishing intrusion detection parameters. Security-relevant information includes filtering rules for routers or firewalls, configuration parameters for security services, cryptographic key management information, and access control lists. Authorized personnel include security administrators, system administrators, system security officers, system programmers, and other privileged users.

Control assessment-objective

access is authorized for individuals and roles to security functions (deployed in hardware); access is authorized for individuals and roles to security functions (deployed in software); access is authorized for individuals and roles to security functions (deployed in firmware); access is authorized for individuals and roles to security-relevant information.

---

What is the solution and how is it implemented?

---

Implementation (a)

Add control implementation description here for item ac-6.1_smt.a

---

Implementation (b)

Add control implementation description here for item ac-6.1_smt.b

---