Number | Title | Impact | Priority | Subject Area |
---|---|---|---|---|
AC-21 | Information Sharing | MODERATE | P2 | Access Control |
Instructions |
---|
The organization: |
AC-21a. Facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and |
AC-21b. Employs [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing/collaboration decisions. |
Guidance |
---|
This control applies to information that may be restricted in some manner (e.g., privileged medical information, contract-sensitive information, proprietary information, personally identifiable information, classified information related to special access programs or compartments) based on some formal or administrative determination. Depending on the particular information-sharing circumstances, sharing partners may be defined at the individual, group, or organizational level. Information may be defined by content, type, security category, or special access program/compartment. |
Enhancements |
---|
The information system enforces information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared. |
The information system implements information search and retrieval services that enforce [Assignment: organization-defined information sharing restrictions]. |