NIST 800-53 AC-21 Mappings

Information sharing applies to information that may be restricted in some manner based on some formal or administrative determination. Examples of such information include, contract-sensitive information, classified information related to special access programs or compartments, privileged information, proprietary information, and personally identifiable information. Security and privacy risk assessments as well as applicable laws, regulations, and policies can provide useful inputs to these determinations. Depending on the circumstances, sharing partners may be defined at the individual, group, or organizational level. Information may be defined by content, type, security category, or special access program or compartment. Access restrictions may include non-disclosure agreements (NDA). Information flow techniques and security attributes may be used to provide automated assistance to users making sharing and collaboration decisions.


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-21 Information Sharing Protects T1204 User Execution
AC-21 Information Sharing Protects T1204.001 Malicious Link
AC-21 Information Sharing Protects T1204.002 Malicious File