NIST 800-53 REV 5 • ACCESS CONTROL

AC-16(1)Dynamic Attribute Association

Dynamically associate security and privacy attributes with {{ insert: param, ac-16.1_prm_1 }} in accordance with the following security and privacy policies as information is created and combined: {{ insert: param, ac-16.1_prm_2 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Dynamic association of attributes is appropriate whenever the security or privacy characteristics of information change over time. Attributes may change due to information aggregation issues (i.e., characteristics of individual data elements are different from the combined elements), changes in individual access authorizations (i.e., privileges), changes in the security category of information, or changes in security or privacy policies. Attributes may also change situationally.

Practitioner Notes

Security attributes should be dynamically associated with data as it is created and modified — not just manually tagged once. The system should update labels based on content changes.

Example 1: Configure Microsoft Purview auto-labeling to continuously scan SharePoint and OneDrive content. When a document is updated to include a Social Security number or CUI marking, the auto-labeling policy automatically upgrades the sensitivity label to CUI.

Example 2: In your CI/CD pipeline, add a step that scans code repositories for secrets or sensitive data patterns (using tools like git-secrets or truffleHog). If secrets are detected, the pipeline automatically tags the repository as containing sensitive data and blocks the merge until remediated.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management