NIST 800-53 REV 5 • ACCESS CONTROL

AC-16(6)Maintenance of Attribute Association

Require personnel to associate and maintain the association of {{ insert: param, ac-16.6_prm_1 }} with {{ insert: param, ac-16.6_prm_2 }} in accordance with {{ insert: param, ac-16.6_prm_3 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Maintaining attribute association requires individual users (as opposed to the system) to maintain associations of defined security and privacy attributes with subjects and objects.

Practitioner Notes

The system must maintain security attribute associations throughout the information lifecycle — creation, storage, processing, transmission, and destruction. Labels do not expire or detach.

Example 1: Use Azure RMS (Rights Management Service) encryption with sensitivity labels to ensure that protection follows the document through its entire lifecycle. Even if the file is emailed externally, downloaded to a USB drive, or uploaded to a personal cloud, the encryption and label remain intact.

Example 2: For data retention, ensure your backup systems preserve classification metadata. When restoring files from backup, verify that sensitivity labels and NTFS classification properties are restored along with the file content. Test this as part of your backup verification process.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management