AC-14 Permitted Actions Without Identification Or Authentication

Access Control

Low Moderate High

Description

The organization identifies and documents specific user actions that can be performed on the information system without identification or authentication.\n

Supplemental Guidance

The organization allows limited user activity without identification and authentication for public websites or other publicly available information systems (e.g., individuals accessing a federal information system at http://www.firstgov.gov). Related security control: IA-2.\n

Enhancements

(1) The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission objectives.\n

AC-14 Permitted Actions Without Identification Or Authentication

Description

Supplemental Guidance

Enhancements

Compliance Mappings

ISO 17799 (legacy)

COBIT 4.1 (legacy)