Data Protection Classification: Level 1 through Level 4

| Control ID | Control Description | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|---|
| AC-1 | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). | essential | essential | essential | essential |
| AC-2 | Limit system access to the types of transactions and functions that authorized users are permitted to execute. | recommended | recommended | essential | essential |
| AC-3 | Control the flow of the University’s data in accordance with approved authorizations. | recommended | required | essential | essential |
| AC-5 | Employ the principle of least privilege, including for specific security functions and privileged accounts. | recommended | recommended | essential | essential |
| AC-6 | Use non-privileged accounts or roles when accessing nonsecurity functions. | recommended | recommended | essential | essential |
| AC-7 | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. | required | required | essential | essential |
| AC-8 | Limit unsuccessful logon attempts. | recommended | recommended | essential | essential |
| AC-9 | Provide privacy and security notices consistent with applicable University data rules. | required | required | required | essential |
| AC-11 | Terminate (automatically) a user session after a defined condition. | optional | recommended | required | essential |
| AC-12 | Monitor and control remote access sessions. | recommended | required | essential | essential |
| AC-13 | Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. | recommended | required | essential | essential |
| AC-14 | Route remote access via managed access control points. | recommended | required | essential | essential |
| AC-16 | Authorize wireless access prior to allowing such connections. | essential | essential | essential | essential |
| AC-17 | Protect wireless access using authentication and encryption. | essential | essential | essential | essential |