NIST 800-53 REV 5 • ACCESS CONTROL

AC-4(11) Configuration of Security or Privacy Policy Filters

Provide the capability for privileged administrators to configure [Assignment: organization-defined security or privacy policy filters] to support different security or privacy policies.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Documentation contains detailed information for configuring security or privacy policy filters. For example, administrators can configure security or privacy policy filters to include the list of inappropriate words that security or privacy policy mechanisms check in accordance with the definitions provided by organizations.

Practitioner Notes

Security filters must be configurable by authorized personnel so they can adapt to changing threats and business needs, but that configuration access must itself be tightly controlled: whoever can change a filter's rules or word lists can also weaken or disable it, so filter administration is a privileged function and should be limited, logged, and reviewed like any other.

Example 1: In Microsoft Purview, restrict DLP policy editing to the Compliance Administrator role group (or another role group that carries the DLP Compliance Management role). Security analysts who only need to view policies and alerts belong in a read-only role group such as Security Reader, so they cannot modify the rules. Configure this under Purview → Roles & Scopes → Role Groups. Two caveats: members of the Entra ID Global Administrator and Compliance Administrator directory roles receive Purview permissions automatically, so review those roles as part of the same control, and role group membership changes are recorded in the unified audit log, which gives you the evidence trail for who was granted filter-configuration rights and when.
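The check that goes with Example 1 is confirming who actually holds DLP edit rights, rather than trusting the portal view. The script below is an added example written for this page, not part of NIST's text or Microsoft's documentation. It assumes the ExchangeOnlineManagement module is installed, that you have rights to open a Security & Compliance PowerShell session, and that the list of role groups approved to hold the DLP Compliance Management role ($approvedRoleGroups) is an assumption you replace with your own.

```powershell
# Added example: report every role group that can edit DLP policies in
# Microsoft Purview and flag any that is not on the approved list.
# Assumes the ExchangeOnlineManagement module and a Security & Compliance
# PowerShell session (Connect-IPPSSession).
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# Assumption: only these role groups are approved to hold DLP edit rights.
# Replace with the groups your organization has authorized.
$approvedRoleGroups = @('Compliance Administrator', 'Organization Management')

# Every assignment of the management role that grants DLP policy editing.
$assignments = Get-ManagementRoleAssignment -Role 'DLP Compliance Management'

foreach ($assignment in $assignments) {
    $holder = $assignment.RoleAssigneeName
    $status = if ($approvedRoleGroups -contains $holder) { 'approved' } else { 'REVIEW' }
    '{0,-45} {1}' -f $holder, $status

    # Expand the role group so the report shows people, not just group names.
    # Direct user assignments have no members and are skipped silently.
    Get-RoleGroupMember -Identity $holder -ErrorAction SilentlyContinue |
        ForEach-Object { '    member: {0}' -f $_.Name }
}
```

Run it on a schedule and diff the output against the previous run; a new "REVIEW" line or an unexpected member under an approved group is the signal that someone has been granted the ability to reconfigure your policy filters outside the intended process.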

Example 2: On your web proxy or secure web gateway (Zscaler, Cisco Umbrella), enable an audit trail for URL-filtering category changes. Require that any modification to allow or block categories go through a change advisory board (CAB) process and be recorded in your ITSM tool, so that every filter change in the audit log can be matched to an approved ticket and any change without one is investigated.