OpenStack Platform 13 - Access Control

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
|---|---|---|
| AC-1 | Access Control Policy And Procedures | not applicable |
| AC-2 | Account Management | not applicable |
| AC-2 (1) | Automated System Account Management | planned |
| AC-2 (2) | Removal Of Temporary / Emergency Accounts | not applicable |
| AC-2 (3) | Disable Inactive Accounts | not applicable |
| AC-2 (4) | Automated Audit Actions | planned |
| AC-2 (5) | Inactivity Logout | planned |
| AC-2 (6) | Dynamic Privilege Management | |
| AC-2 (7) | Role-Based Schemes | planned |
| AC-2 (8) | Dynamic Account Creation | |
| AC-2 (9) | Restrictions On Use Of Shared / Group Accounts | not applicable |
| AC-2 (10) | Shared / Group Account Credential Termination | not applicable |
| AC-2 (11) | Usage Conditions | not applicable |
| AC-2 (12) | Account Monitoring / Atypical Usage | not applicable |
| AC-2 (13) | Disable Accounts For High-Risk Individuals | not applicable |
| AC-3 | Access Enforcement | complete |
| AC-3 (1) | Restricted Access To Privileged Functions | |
| AC-3 (2) | Dual Authorization | |
| AC-3 (3) | Mandatory Access Control | |
| AC-3 (4) | Discretionary Access Control | |
| AC-3 (5) | Security-Relevant Information | |
| AC-3 (6) | Protection Of User And System Information | |
| AC-3 (7) | Role-Based Access Control | |
| AC-3 (8) | Revocation Of Access Authorizations | |
| AC-3 (9) | Controlled Release | |
| AC-3 (10) | Audited Override Of Access Control Mechanisms | |
| AC-4 | Information Flow Enforcement | planned |
| AC-4 (1) | Object Security Attributes | |
| AC-4 (2) | Processing Domains | |
| AC-4 (3) | Dynamic Information Flow Control | |
| AC-4 (4) | Content Check Encrypted Information | |
| AC-4 (5) | Embedded Data Types | |
| AC-4 (6) | Metadata | |
| AC-4 (7) | One-Way Flow Mechanisms | |
| AC-4 (8) | Security Policy Filters | planned |
| AC-4 (9) | Human Reviews | |
| AC-4 (10) | Enable / Disable Security Policy Filters | |
| AC-4 (11) | Configuration Of Security Policy Filters | |
| AC-4 (12) | Data Type Identifiers | |
| AC-4 (13) | Decomposition Into Policy-Relevant Subcomponents | |
| AC-4 (14) | Security Policy Filter Constraints | |
| AC-4 (15) | Detection Of Unsanctioned Information | |
| AC-4 (16) | Information Transfers On Interconnected Systems | |
| AC-4 (17) | Domain Authentication | |
| AC-4 (18) | Security Attribute Binding | |
| AC-4 (19) | Validation Of Metadata | |
| AC-4 (20) | Approved Solutions | |
| AC-4 (21) | Physical / Logical Separation Of Information Flows | planned |
| AC-4 (22) | Access Only | |
| AC-5 | Separation Of Duties | planned |
| AC-6 | Least Privilege | planned |
| AC-6 (1) | Authorize Access To Security Functions | planned |
| AC-6 (2) | Non-Privileged Access For Nonsecurity Functions | planned |
| AC-6 (3) | Network Access To Privileged Commands | planned |
| AC-6 (4) | Separate Processing Domains | |
| AC-6 (5) | Privileged Accounts | not applicable |

AC-6 (6) Privileged Access By Non-Organizational Users