STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

AC-24

Access ControlRev 5organization

Access Control Decisions

Control Statement

[Selection: organization-defined value] to ensure [Assignment: access control decisions] are applied to each access request prior to access enforcement.

Supplemental Guidance

Access control decisions (also known as authorization decisions) occur when authorization information is applied to specific accesses. In contrast, access enforcement occurs when systems enforce access control decisions. While it is common to have access control decisions and access enforcement implemented by the same entity, it is not required, and it is not always an optimal implementation choice. For some architectures and distributed systems, different entities may make access control decisions and enforce access.

Related Controls (2)

AC-2AC-3

CCI Identifiers (2)

CCI-002348Defines the access control decisions that are to be applied to each access request prior to access enforcement.CCI-002349Establish procedures or implement mechanisms to ensure organization-defined access control decisions are applied to each access request prior to access enforcement.

Linked STIG Checks (0)

No STIG checks reference this control.