800-53|AC-24(2)

Title

NO USER OR PROCESS IDENTITY

Description

The information system enforces access control decisions based on [Assignment: organization-defined security attributes] that do not include the identity of the user or process acting on behalf of the user.

Supplemental

In certain situations, it is important that access control decisions can be made without information regarding the identity of the users issuing the requests. These are generally instances where preserving individual privacy is of paramount importance. In other situations, user identification information is simply not needed for access control decisions and, especially in the case of distributed information systems, transmitting such information with the needed degree of assurance may be very expensive or difficult to accomplish.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: ACCESS CONTROL DECISIONS

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
FFOX-00-000018 - Firefox must prevent the user from quickly deleting data.	Windows	DISA STIG Mozilla Firefox Windows v6r5
FFOX-00-000018 - Firefox must prevent the user from quickly deleting data.	Unix	DISA STIG Mozilla Firefox MacOS v6r5
FFOX-00-000018 - Firefox must prevent the user from quickly deleting data.	Unix	DISA STIG Mozilla Firefox Linux v6r5
GEN005820 - The Network File System (NFS) anonymous UID and GID must be configured to values without permissions - 'anongid'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN005820 - The Network File System (NFS) anonymous UID and GID must be configured to values without permissions - 'anonuid'	Unix	DISA STIG for Oracle Linux 5 v2r1

Detections

Analytics