[{"id":"AC-1","familyId":"AC","title":"Policy and Procedures","description":"Develop, document, and disseminate access control policy and procedures.","priority":"P1","baselines":{"low":true,"moderate":true,"high":true},"enhancementCount":0},{"id":"AC-2","familyId":"AC","title":"Account Management","description":"Define and manage information system accounts including establishing, activating, modifying, reviewing, disabling, and removing accounts.","priority":"P1","baselines":{"low":true,"moderate":true,"high":true},"enhancementCount":13},{"id":"AC-3","familyId":"AC","title":"Access Enforcement","description":"Enforce approved authorizations for logical access to information and system resources.","priority":"P1","baselines":{"low":true,"moderate":true,"high":true},"enhancementCount":15},{"id":"AC-4","familyId":"AC","title":"Information Flow Enforcement","description":"Enforce approved authorizations for controlling the flow of information within the system and between connected systems.","priority":"P1","baselines":{"low":false,"moderate":true,"high":true},"enhancementCount":32},{"id":"AC-5","familyId":"AC","title":"Separation of Duties","description":"Separate duties of individuals to prevent malicious activity without collusion.","priority":"P1","baselines":{"low":false,"moderate":true,"high":true},"enhancementCount":0},{"id":"AC-6","familyId":"AC","title":"Least Privilege","description":"Employ the principle of least privilege, allowing only authorized accesses for users which are necessary to accomplish assigned organizational tasks.","priority":"P1","baselines":{"low":false,"moderate":true,"high":true},"enhancementCount":10},{"id":"AC-7","familyId":"AC","title":"Unsuccessful Logon Attempts","description":"Enforce a limit of consecutive invalid logon attempts by a user and take defined actions when the maximum is exceeded.","priority":"P2","baselines":{"low":true,"moderate":true,"high":true},"enhancementCount":4}]