AC-21 INFORMATION SHARING


Overview

Number | Title | Impact | Priority | Subject Area
AC-21 | Information Sharing | MODERATE | P2 | Access Control

Instructions
The organization:
AC-21a. Facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and
AC-21b. Employs [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing/collaboration decisions.
Guidance
This control applies to information that may be restricted in some manner (e.g., privileged medical information, contract-sensitive information, proprietary information, personally identifiable information, classified information related to special access programs or compartments) based on some formal or administrative determination. Depending on the particular information-sharing circumstances, sharing partners may be defined at the individual, group, or organizational level. Information may be defined by content, type, security category, or special access program/compartment.

Enhancements
AC-21 (1) Automated Decision Support

The information system enforces information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared.

AC-21 (2) Information Search And Retrieval

The information system implements information search and retrieval services that enforce [Assignment: organization-defined information sharing restrictions].