NIST 800-53 REV 5 • ACCESS CONTROL

AC-16(3)Maintenance of Attribute Associations by System

Maintain the association and integrity of {{ insert: param, ac-16.3_prm_1 }} to {{ insert: param, ac-16.3_prm_2 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Maintaining the association and integrity of security and privacy attributes to subjects and objects with sufficient assurance helps to ensure that the attribute associations can be used as the basis of automated policy actions. The integrity of specific items, such as security configuration files, may be maintained through the use of an integrity monitoring mechanism that detects anomalies and changes that deviate from "known good" baselines. Automated policy actions include retention date expirations, access control decisions, information flow control decisions, and information disclosure decisions.

Practitioner Notes

The system itself must maintain the association between data and its security attributes. Labels should not fall off when data is copied, moved, or transformed.

Example 1: Microsoft Information Protection labels persist with the document regardless of where it is stored or how it is shared — the label and encryption are embedded in the file itself. Verify by labeling a document in SharePoint, downloading it, and confirming the label survives the download.

Example 2: For database exports, ensure your ETL process carries classification metadata into the target system. When exporting data from SQL Server to a data warehouse, include the sensitivity_label column in the export and map it to the target system's classification scheme.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management