Control statement
Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on {{ insert: param, ac-04_odp }}. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-AFR-03 | Authorization Data Sharing Determine how authorization data will be shared with all necessary parties in alignment with the FedRAMP Authorization Data Sharing (ADS) process and persistently address all related requirements and recommendations. | Authorization by FedRAMP |
| KSI-IAM-03 | Non-User Accounts Enforce appropriately secure authentication methods for non-user accounts and services. | Identity and Access Management |
| KSI-IAM-04 | Just-in-Time Authorization Use a least-privileged, role and attribute-based, and just-in-time security authorization model for all user and non-user accounts and services. | Identity and Access Management |
| KSI-IAM-05 | Least Privilege _Persistently_ ensure that identity and access management employs measures to ensure each user or device can only access the resources they need. | Identity and Access Management |