Lívia Szabó stood at the window and watched the neighboring plot, where a young woman was hanging laundry on the line. A stranger in the house that should have been hers. In the house where she had grown up, where she had spent her youth, where her mother had died.
“Lívi, what are you staring at so hard?” asked her younger sister, Zsóka, who came into the kitchen with énnapi in her hand. “Your tea is getting cold.”
“I'm just looking,” Lívia sighed, and turned away from the window. “At how she's settling in over there.”
“Don't torment yourself,” said Zsóka, as she unpacked the shopping onto the table. “What's done is done.”
“Easy for you to say. You have your own flat, and I'm living off you.”
“Don't talk nonse

# NIST 800-53 Moderate Control Baselines

| Family | Identifier | Name | Control Text |
|---|---|---|---|
| AC | AC-1 | POLICY AND PROCEDURES | [Withdrawn: Incorporated into PM-9]. |
| AC | AC-2 | ACCOUNT MANAGEMENT | a. Select and employ the following account management processes: [Assignment: organization-defined account management processes]. b. Review accounts for compliance with account management requirements [Assignment: organization-defined frequency]. |
| AC | AC-2 (1) | ACCOUNT MANAGEMENT \| AUTOMATED SYSTEM ACCOUNT MANAGEMENT | Automate support for management of system accounts. |
| AC | AC-2 (2) | ACCOUNT MANAGEMENT \| REMOVAL OF TEMPORARY / EMERGENCY ACCOUNTS | Remove temporary and emergency accounts after [Assignment: organization-defined time period for each type of account]. |
| AC | AC-2 (3) | ACCOUNT MANAGEMENT \| DISABLE INACTIVE ACCOUNTS | Disable accounts that are inactive for [Assignment: organization-defined time period]. |
| AC | AC-2 (4) | ACCOUNT MANAGEMENT \| AUTOMATED AUDIT ACTIONS | Automatically audit account creation, modification, enabling, disabling, and removal actions and notify [Assignment: organization-defined personnel or roles]. |
| AC | AC-2 (5) | ACCOUNT MANAGEMENT \| INACTIVITY LOGOUT | Require that users log out when [Assignment: organization-defined time-period of expected inactivity or description of when to log out]. |
| AC | AC-2 (7) | ACCOUNT MANAGEMENT \| ROLE-BASED SCHEMES | Establish and administer privileged user accounts in accordance with a role-based access scheme that organizes information system and network privileges into roles. |
| AC | AC-2 (9) | ACCOUNT MANAGEMENT \| RESTRICTIONS ON USE OF SHARED AND GROUP ACCOUNTS | Only permit the use of shared or group accounts that meet [Assignment: organization-defined conditions for establishing shared or group accounts]. |
| AC | AC-2 (12) | ACCOUNT MANAGEMENT \| ACCOUNT MONITORING / ATYPICAL USAGE | a. Monitor information system accounts for [Assignment: organization-defined atypical usage]; and b. Report atypical usage of information system accounts to [Assignment: organization-defined personnel or roles]. |
| AC | AC-3 | ACCESS ENFORCEMENT | Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
| AC | AC-3 (2) | ACCESS ENFORCEMENT \| DUAL AUTHORIZATION | Enforce dual authorization for [Assignment: organization-defined privileged commands and/or other organization-defined actions]. |
| AC | AC-3 (3) | ACCESS ENFORCEMENT \| MANDATORY ACCESS CONTROL | Enforce [Assignment: organization-defined mandatory access control policy] over the set of covered subjects and objects specified in the policy, and where the policy: (a) Is uniformly enforced across the covered subjects and objects within the system; (b) Specifies that a subject that has been granted access to information is constrained from doing any of the following; (1) Passing the information to unauthorized subjects or objects; (2) Granting its privileges to other subjects; (3) Changing one or more security attributes (e.g., classification levels, security categories) on subjects, objects, the system, or system components; (4) Choosing the security attributes to be associated with newly created or modified objects; or (5) Changing the rules governing access control; and (c) Specifies that [Assignment: organization-defined subjects] may explicitly grant authorized access to information in the possession of [Assignment: organization-defined subjects] to other [Assignment: organization-defined subjects] unless otherwise restricted by [Assignment: organization-defined rules]. |
| AC | AC-3 (4) | ACCESS ENFORCEMENT \| DISCRETIONARY ACCESS CONTROL | Enforce [Assignment: organization-defined discretionary access control policy] over the set of covered subjects and objects specified in the policy and where the policy specifies that a subject that has been granted access to information can do one or more of the following: (a) Pass the information to any other subjects or objects; (b) Grant its privileges to other subjects; or (c) Change security attributes on subjects, objects, the system, or the system's components. |
| AC | AC-4 | INFORMATION FLOW ENFORCEMENT | Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [Assignment: organization-defined information flow control policies]. |
| AC | AC-4 (8) | INFORMATION FLOW ENFORCEMENT \| SECURITY POLICY FILTERS | Enforce information flow control using [Assignment: organization-defined security policy filters] as a basis for flow control decisions for [Assignment: organization-defined information flows]. |
| AC | AC-4 (21) | INFORMATION FLOW ENFORCEMENT \| PHYSICAL / LOGICAL SEPARATION OF INFORMATION FLOWS | Separate information flows logically or physically using [Assignment: organization-defined mechanisms and/or techniques] to accomplish [Assignment: organization-defined required separations by types of information]. |
| AC | AC-5 | SEPARATION OF DUTIES | Separate [Assignment: organization-defined duties of individuals]. |
| AC | AC-6 | LEAST PRIVILEGE | Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks. |
| AC | AC-6 (1) | LEAST PRIVILEGE \| AUTHORIZE ACCESS TO SECURITY FUNCTIONS | Authorize access for [Assignment: organization-defined individuals] to [Assignment: organization-defined security functions] and security-relevant information. |
| AC | AC-6 (2) | LEAST PRIVILEGE \| NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS | Require that users of system accounts (or roles) with access to [Assignment: organization-defined security functions] use non-privileged accounts or roles when accessing nonsecurity functions. |
| AC | AC-6 (3) | LEAST PRIVILEGE \| NETWORK ACCESS TO PRIVILEGED COMMANDS | Authorize network access to [Assignment: organization-defined privileged commands] only for [Assignment: organization-defined compelling operational needs] and document the rationale for such access in the security plan for the system. |
| AC | AC-6 (5) | LEAST PRIVILEGE \| PRIVILEGED ACCOUNTS | Restrict privileged accounts on the system to [Assignment: organization-defined personnel or roles]. |
| AC | AC-6 (9) | LEAST PRIVILEGE \| AUDITING USE OF PRIVILEGED FUNCTIONS | Audit the execution of privileged functions. |
| AC | AC-6 (10) | LEAST PRIVILEGE \| PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS | Prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards or countermeasures. |
| AC | AC-7 | UNSUCCESSFUL LOGON ATTEMPTS | a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded. |
| AC | AC-8 | SYSTEM USE NOTIFICATION | Display [Assignment: organization-defined system use notification message or banner] to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that: (a) Users are accessing a U.S. Government system; (b) System usage is subject to monitoring; (c) Unauthorized use of the system







