Reference: CMMC 2.0
Family: AC
Level Introduced: 1
Title: Transaction & Function Control
Practice:
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
CMMC Clarification:
Make sure to limit users/employees to only the information systems, roles, or applications they are permitted to use and that are needed for their jobs.
Example
You are in charge of payroll for the company and need access to certain company financial information and systems. You work with IT to set up the system so that when users log onto the company's network, only those employees you allow can use the payroll applications and access payroll data. Because of this good access control, your coworkers in the Shipping Department cannot access information about payroll or paychecks.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (3)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.