NIST 800-53 Access Control Compliance for Private Mendix Platform

Last modified: May 22, 2026

Introduction

Documents in this section provide more information about Private Mendix Platform's compliance with the Access Control (AC) category of the NIST 800-53 security framework. For each applicable control, we have listed which party (Mendix or the customer) is responsible for which component or aspect.

In general, Mendix is responsible for the Private Mendix Platform, Mendix Operator, Mendix Studio Pro, Mendix Runtime, and so on. Customer responsibilities relate to infrastructure and organizational processes. For more information, refer to the detailed documentation below.


AC-01 Access Control Policy And Procedures

Documents the Private Mendix Platform's compliance with the AC-01 control of the NIST 800-53 framework.

AC-02 Account Management

Documents the Private Mendix Platform's compliance with the AC-02 control of the NIST 800-53 framework.

AC-02 (01) Account Management - Automated System Account Management

Documents the Private Mendix Platform's compliance with the AC-02 (01) control of the NIST 800-53 framework.

AC-02 (03) Account Management (Disable Inactive Accounts)

Documents the Private Mendix Platform's compliance with the AC-02 (03) control of the NIST 800-53 framework.

AC-02 (04) Account Management - Automated Audit Actions

Documents the Private Mendix Platform's compliance with the AC-02 (04) control of the NIST 800-53 framework.

AC-02 (12) Account Management - Account Monitoring and Atypical Usage

Documents the Private Mendix Platform's compliance with the AC-02 (12) control of the NIST 800-53 framework.

AC-02 1103 Configurable Session Expiration and Auto-Logout for Users

Documents the Private Mendix Platform's compliance with the AC-02 control of the NIST 800-53 framework.

AC-03 Access Enforcement

Documents the Private Mendix Platform's compliance with the AC-03 control of the NIST 800-53 framework.

AC-04 (21) Information Flow Enforcement - Physical / Logical Separation Of Information Flows

Documents the Private Mendix Platform's compliance with the AC-04 (21) control of the NIST 800-53 framework.

AC-05 Separation Of Duties

Documents the Private Mendix Platform's compliance with the AC-05 control of the NIST 800-53 framework.

AC-06 (01) Least Privilege - Authorize Access To Security Functions

Documents the Private Mendix Platform's compliance with the AC-06 (01) control of the NIST 800-53 framework.

AC-06 (02) Least Privilege - Non-Privileged Access For Nonsecurity Functions

Documents the Private Mendix Platform's compliance with the AC-06 (02) control of the NIST 800-53 framework.

AC-06 (05) Least Privilege - Privileged Accounts

Documents the Private Mendix Platform's compliance with the AC-06 (05) control of the NIST 800-53 framework.

AC-06 (07) Least Privilege - Review Of User Privileges

Documents the Private Mendix Platform's compliance with the AC-06 (07) control of the NIST 800-53 framework.

AC-06 (08) Least Privilege (Privilege Levels For Code Execution)

Documents the Private Mendix Platform's compliance with the AC-06 (08) control of the NIST 800-53 framework.

AC-06 (09) Auditing Use Of Privileged Functions

Documents the Private Mendix Platform's compliance with the AC-06 (09) control of the NIST 800-53 framework.

AC-07 Unsuccessful Logon Attempts

Documents the Private Mendix Platform's compliance with the AC-07 control of the NIST 800-53 framework.

AC-08 Access Banner

Documents the Private Mendix Platform's compliance with the AC-08 control of the NIST 800-53 framework.

AC-10 Concurrent Session Control

Documents the Private Mendix Platform's compliance with the AC-10 control of the NIST 800-53 framework.

AC-12 Force Logout Session Termination

Documents the Private Mendix Platform's compliance with the AC-12 control of the NIST 800-53 framework.

AC-14 Permitted Actions Without Identification Or Authentication

Documents the Private Mendix Platform's compliance with the AC-14 control of the NIST 800-53 framework.

AC-17 Remote Access

Documents the Private Mendix Platform's compliance with the AC-17 control of the NIST 800-53 framework.

AC-17 (01) Remote Access (Automated Monitoring and Control)

Documents the Private Mendix Platform's compliance with the AC-17 (01) control of the NIST 800-53 framework.

AC-17 (02) Remote Access (Protection Of Confidentiality and Integrity Using Encryption)

Documents the Private Mendix Platform's compliance with the AC-17 (02) control of the NIST 800-53 framework.

AC-17 (03) Remote Access (Managed Access Control Points)

Documents the Private Mendix Platform's compliance with the AC-17 (03) control of the NIST 800-53 framework.

AC-17 (04) Remote Access (Privileged Commands and Access)

Documents the Private Mendix Platform's compliance with the AC-17 (04) control of the NIST 800-53 framework.

AC-17 (06) Remote Access (Protection Of Information)

Documents the Private Mendix Platform's compliance with the AC-17 (06) control of the NIST 800-53 framework.

AC-17 (09) Remote Access (Disconnect / Disable Access)

Documents the Private Mendix Platform's compliance with the AC-17 (09) control of the NIST 800-53 framework.

AC-18 Wireless Access

Documents the Private Mendix Platform's compliance with the AC-18 control of the NIST 800-53 framework.

AC-18 (01) Wireless Access (Authentication And Encryption)

Documents the Private Mendix Platform's compliance with the AC-18 (01) control of the NIST 800-53 framework.

AC-18 (03) Wireless Access (Disable Wireless Networking)

Documents the Private Mendix Platform's compliance with the AC-18 (03) control of the NIST 800-53 framework.

AC-19 Access Control For Mobile Devices

Documents the Private Mendix Platform's compliance with the AC-19 control of the NIST 800-53 framework.

AC-19 (05) Access Control For Mobile Devices - Full Device or Container-Based Encryption

Documents the Private Mendix Platform's compliance with the AC-19 (05) control of the NIST 800-53 framework.

AC-20 Use Of External Information Systems

Documents the Private Mendix Platform's compliance with the AC-20 control of the NIST 800-53 framework.

AC-20 (01) Use Of External Information Systems - Limits On Authorized Use

Documents the Private Mendix Platform's compliance with the AC-20 (01) control of the NIST 800-53 framework.

AC-20 (02) Use Of External Information Systems - Portable Storage Devices

Documents the Private Mendix Platform's compliance with the AC-20 (02) control of the NIST 800-53 framework.

AC-21 Information Sharing

Documents the Private Mendix Platform's compliance with the AC-21 control of the NIST 800-53 framework.

AC-23 Data Mining Protection

Documents the Private Mendix Platform's compliance with the AC-23 control of the NIST 800-53 framework.