// Level 3 · Controls

Access Control

Limit system access to authorized users and processes.

3.1.1 High

Authorized Access Control

Limit system access to authorized users, processes acting on behalf of authorized users, and devices.

3.1.2 Medium

Transaction & Function Control

Limit system access to the types of transactions and functions that authorized users are permitted to execute.

3.1.3 High

Control CUI Flow

Control the flow of CUI in accordance with approved authorizations.

3.1.4 Medium

Separation of Duties

Separate duties of individuals to reduce the risk of malevolent activity without collusion.

3.1.5 High

Least Privilege

Employ the principle of least privilege, including for specific security functions and privileged accounts.

3.1.6 Medium

Non-Privileged Accounts

Use non-privileged accounts when accessing nonsecurity functions.

3.1.7 High

Privileged Functions

Prevent non-privileged users from executing privileged functions and capture execution of such functions in audit logs.

3.1.8 Medium

Unsuccessful Logon Attempts

Limit unsuccessful logon attempts.

3.1.9 Low

Privacy and Security Notices

Provide privacy and security notices consistent with applicable CUI rules.

3.1.10 Medium

Session Lock

Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.

3.1.11 Medium

Session Termination

Terminate user sessions automatically after a defined condition.

3.1.12 High

Remote Access Monitoring

Monitor and control remote access sessions.

3.1.13 High

Cryptographic Remote Access

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

3.1.14 Medium

Routing Remote Access

Route remote access via managed access control points.

3.1.15 High

Privileged Remote Execution

Authorize remote execution of privileged commands and remote access to security-relevant information.

3.1.16 Medium

Wireless Access Authorization

Authorize wireless access prior to allowing such connections.

3.1.17 High

Wireless Protection

Protect wireless access using authentication and encryption.

3.1.18 Medium

Mobile Device Connection

Control connection of mobile devices.

3.1.19 High

Mobile Device Encryption

Encrypt CUI on mobile devices and mobile computing platforms.

3.1.20 Medium

External Connections

Verify and control/limit connections to and use of external systems.

3.1.21 Medium

Portable Storage Use

Limit use of portable storage devices on external systems.

3.1.22 High

Public Information Posting

Control CUI posted or processed on publicly accessible systems.