Control: The organization identifies and documents specific user actions that can be performed on the information system without identification or authentication.

Supplemental Guidance: The organization allows limited user activity without identification and authentication for public websites or other publicly available information systems (e.g., individuals accessing a federal information system at http://www.firstgov.gov). Related security control: IA-2.

Control Enhancements: (1) The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission objectives.

Baseline: LOW AC-14 MOD AC-14 (1) HIGH AC-14 (1)

Family: Access Control

Class: Technical

ISO 17799 mapping: None.

COBIT 4.1 mapping: None.