STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

AC-4 (9)

Access ControlRev 5organization

Human Reviews

Control Statement

Enforce the use of human reviews for [Assignment: information flows] under the following conditions: [Assignment: conditions].

Supplemental Guidance

Organizations define security or privacy policy filters for all situations where automated flow control decisions are possible. When a fully automated flow control decision is not possible, then a human review may be employed in lieu of or as a complement to automated security or privacy policy filtering. Human reviews may also be employed as deemed necessary by organizations.

CCI Identifiers (5)

CCI-000033The information system enforces the use of human review for organization-defined security policy filters when the system is not capable of making an information flow control decision.CCI-002198Enforce the use of human reviews for organization-defined information flows under organization-defined conditions.CCI-002196Defines the information flows for which will enforce the use of human reviews under organization-defined conditions.CCI-002197Defines the conditions which will require the use of human reviews of organization-defined information flows.CCI-001418The organization defines security policy filters for which the information system enforces the use of human review.

Linked STIG Checks (1)

Across 1 STIGs. Click to expand.