03.01.02 —
What this control requires
Source: NIST SP 800-171 R3 §03.01.02 (official control text).
Why this matters
Access enforcement is the mechanism that actually prevents unauthorized users from reaching sensitive resources. While access control policies define who should have access to what, access enforcement is the technical implementation that blocks or permits every access attempt in real-time. Without proper enforcement, policies become meaningless documentation. This control protects CUI by ensuring that system processes, applications, and services actively verify permissions before granting access to files, databases, applications, and network resources. It mitigates threats from both external attackers who breach perimeter defenses and insider threats from employees attempting to access data outside their job responsibilities.
What evidence assessors expect
Assessors typically look for: configuration export, screenshot, log file. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on 03.01.02.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →