AC-3: Access Enforcement
From NIST's SP800-53:
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| PR.AC-6 | Identities are proofed and bound to credentials and asserted in interactions |
| PR.AC-4 | Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties |
| PR.PT-3 | The principle of least functionality is incorporated by configuring systems to provide only essential capabilities |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1558.001 | Golden Ticket | Credential Access |
| T1110.001 | Password Guessing | Credential Access |
| T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
| T1185 | Browser Session Hijacking | Collection |
| T1005 | Data from Local System | Collection |
| T1548.003 | Sudo and Sudo Caching | Defense Evasion, Privilege Escalation |
| T1622 | Debugger Evasion | Defense Evasion, Discovery |
| T1087.004 | Cloud Account | Discovery |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1619 | Cloud Storage Object Discovery | Discovery |
| T1114.002 | Remote Email Collection | Collection |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1205.001 | Port Knocking | Command and Control, Defense Evasion, Persistence |
| T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1647 | Plist File Modification | Defense Evasion |
| T1552.005 | Cloud Instance Metadata API | Credential Access |
| T1606.001 | Web Cookies | Credential Access |
| T1036.003 | Rename System Utilities | Defense Evasion |
| T1059.006 | Python | Execution |
| T1491.001 | Internal Defacement | Impact |
| T1136.003 | Cloud Account | Persistence |
| T1056.003 | Web Portal Capture | Collection, Credential Access |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1569.002 | Service Execution | Execution |
| T1491.002 | External Defacement | Impact |
| T1489 | Service Stop | Impact |
| T1037.005 | Startup Items | Persistence, Privilege Escalation |
| T1218.002 | Control Panel | Defense Evasion |
| T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
| T1037.002 | Login Hook | Persistence, Privilege Escalation |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
| T1037.004 | RC Scripts | Persistence, Privilege Escalation |
| T1546.004 | Unix Shell Configuration Modification | Persistence, Privilege Escalation |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
| T1561.001 | Disk Content Wipe | Impact |
| T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
| T1559 | Inter-Process Communication | Execution |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
| T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
| T1569.001 | Launchctl | Execution |
| T1222.001 | Windows File and Directory Permissions Modification | Defense Evasion |
| T1070.007 | Clear Network Connection History and Configurations | Defense Evasion |
| T1550.002 | Pass the Hash | Defense Evasion, Lateral Movement |