Ansible Tower - Access Control

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
| --- | --- | --- |
| AC-1 | Access Control Policy And Procedures | not applicable |
| AC-2 | Account Management | partial |
| AC-2 (1) | Automated System Account Management | complete |
| AC-2 (2) | Removal Of Temporary / Emergency Accounts | partial |
| AC-2 (3) | Disable Inactive Accounts | partial |
| AC-2 (4) | Automated Audit Actions | |
| AC-2 (5) | Inactivity Logout | complete |
| AC-2 (6) | Dynamic Privilege Management | |
| AC-2 (7) | Role-Based Schemes | complete |
| AC-2 (8) | Dynamic Account Creation | |
| AC-2 (9) | Restrictions On Use Of Shared / Group Accounts | |
| AC-2 (10) | Shared / Group Account Credential Termination | |
| AC-2 (11) | Usage Conditions | |
| AC-2 (12) | Account Monitoring / Atypical Usage | |
| AC-2 (13) | Disable Accounts For High-Risk Individuals | |
| AC-3 | Access Enforcement | complete |
| AC-3 (1) | Restricted Access To Privileged Functions | not applicable |
| AC-3 (2) | Dual Authorization | |
| AC-3 (3) | Mandatory Access Control | |
| AC-3 (4) | Discretionary Access Control | |
| AC-3 (5) | Security-Relevant Information | |
| AC-3 (6) | Protection Of User And System Information | not applicable |
| AC-3 (7) | Role-Based Access Control | |
| AC-3 (8) | Revocation Of Access Authorizations | |
| AC-3 (9) | Controlled Release | |
| AC-3 (10) | Audited Override Of Access Control Mechanisms | |
| AC-4 | Information Flow Enforcement | |
| AC-4 (1) | Object Security Attributes | |
| AC-4 (2) | Processing Domains | |
| AC-4 (3) | Dynamic Information Flow Control | |
| AC-4 (4) | Content Check Encrypted Information | |
| AC-4 (5) | Embedded Data Types | |
| AC-4 (6) | Metadata | |
| AC-4 (7) | One-Way Flow Mechanisms | |
| AC-4 (8) | Security Policy Filters | |
| AC-4 (9) | Human Reviews | |
| AC-4 (10) | Enable / Disable Security Policy Filters | |
| AC-4 (11) | Configuration Of Security Policy Filters | |
| AC-4 (12) | Data Type Identifiers | |
| AC-4 (13) | Decomposition Into Policy-Relevant Subcomponents | |
| AC-4 (14) | Security Policy Filter Constraints | |
| AC-4 (15) | Detection Of Unsanctioned Information | |
| AC-4 (16) | Information Transfers On Interconnected Systems | not applicable |
| AC-4 (17) | Domain Authentication | |
| AC-4 (18) | Security Attribute Binding | |
| AC-4 (19) | Validation Of Metadata | |
| AC-4 (20) | Approved Solutions | |
| AC-4 (21) | Physical / Logical Separation Of Information Flows | |
| AC-4 (22) | Access Only | |
| AC-5 | Separation Of Duties | |
| AC-6 | Least Privilege | |
| AC-6 (1) | Authorize Access To Security Functions | |
| AC-6 (2) | Non-Privileged Access For Nonsecurity Functions | |
| AC-6 (3) | Network Access To Privileged Commands | |
| AC-6 (4) | Separate Processing Domains | |
| AC-6 (5) | Privileged Accounts | |
| AC-6 (6) | Privileged Access By Non-Organizational Users | |
| AC-6 (7) | Review Of User Privileges | |
| AC-6 (8) | Privilege Levels For Code Execution | |
| AC-6 (9) | Auditing Use Of Privileged Functions | |
| AC-6 (10) | Prohibit Non-Privileged Users From Executing Privileged Functions | |
| AC-7 | Unsuccessful Logon Attempts | partial |
| AC-7 (1) | Automatic Account Lock | not applicable |
| AC-7 (2) | Purge / Wipe Mobile Device | |
| AC-8 | System Use Notification | complete |
| AC-9 | Previous Logon (Access) Notification | |
| AC-9 (1) | Unsuccessful Logons | |
| AC-9 (2) | Successful / Unsuccessful Logons | |
| AC-9 (3) | Notification Of Account Changes | |
| AC-9 (4) | Additional Logon Information | |
| AC-10 | Concurrent Session Control | |
| AC-11 | Session Lock | |
| AC-11 (1) | Pattern-Hiding Displays | |
| AC-12 | Session Termination | |
| AC-12 (1) | User-Initiated Logouts / Message Displays | |
| AC-13 | Supervision And Review - Access Control | not applicable |
| AC-14 | Permitted Actions Without Identification Or Authentication | complete |
| AC-14 (1) | Necessary Uses | |
| AC-15 | Automated Marking | |