- This topic has 2 replies, 2 voices, and was last updated 4 years ago by .
As an example in 252.204-7012 Safeguarding Unclassified Controlled Technical Information, Table 1 notes AC-17(2) as one of the base line controls, in document 800-171 page D-2 appendix D under 3.1 Access Control in the NIST SP 800-53 Relevant Security Controls column it notes AC-17 Remote Access. In the Document 800-53 for AC-17 it lists the control and also 9 additional control enhancements. By noting AC-17 instead of AC-17(2) in the 800-171 is it requiring you to meet control + all control enhancements?
You must be logged in to reply to this topic.