NIST 800-53 Access Control Compliance for Private Mendix Platform
Last modified: June 2, 2026
Introduction
Documents in this section provide more information about Private Mendix Platform's compliance with the Access Control (AC) category of the NIST 800-53 security framework. For each applicable control, we have listed which party (Mendix or the customer) is responsible for which component or aspect.
In general, Mendix is responsible for the Private Mendix Platform, Mendix Operator, Mendix Studio Pro, Mendix Runtime, and so on. Customer responsibilities relate to infrastructure and organizational processes. For more information, refer to the detailed documentation listed below.
- AC-01 Access Control Policy And Procedures
- AC-02 Account Management
- AC-02 (01) Account Management - Automated System Account Management
- AC-02 (03) Account Management (Disable Inactive Accounts)
- AC-02 (04) Account Management - Automated Audit Actions
- AC-02 (12) Account Management - Account Monitoring and Atypical Usage
- AC-02 1103 Configurable Session Expiration and Auto-Logout for Users
- AC-03 Access Enforcement
- AC-04 (21) Information Flow Enforcement - Physical / Logical Separation Of Information Flows
- AC-05 Separation Of Duties
- AC-06 (01) Least Privilege - Authorize Access To Security Functions
- AC-06 (02) Least Privilege - Non-Privileged Access For Nonsecurity Functions
- AC-06 (05) Least Privilege - Privileged Accounts
- AC-06 (07) Least Privilege - Review Of User Privileges
- AC-06 (08) Least Privilege (Privilege Levels For Code Execution)
- AC-06 (09) Auditing Use Of Privileged Functions
- AC-07 Unsuccessful Logon Attempts
- AC-08 Access Banner
- AC-10 Concurrent Session Control
- AC-12 Force Logout Session Termination
- AC-14 Permitted Actions Without Identification Or Authentication
- AC-17 Remote Access
- AC-17 (01) Remote Access (Automated Monitoring and Control)
- AC-17 (02) Remote Access (Protection Of Confidentiality and Integrity Using Encryption)
- AC-17 (03) Remote Access (Managed Access Control Points)
- AC-17 (04) Remote Access (Privileged Commands and Access)
- AC-17 (06) Remote Access (Protection Of Information)
- AC-17 (09) Remote Access (Disconnect / Disable Access)
- AC-18 Wireless Access
- AC-18 (01) Wireless Access (Authentication And Encryption)
- AC-18 (03) Wireless Access (Disable Wireless Networking)
- AC-19 Access Control For Mobile Devices
- AC-19 (05) Access Control For Mobile Devices - Full Device or Container-Based Encryption
- AC-20 Use Of External Information Systems
- AC-20 (01) Use Of External Information Systems - Limits On Authorized Use
- AC-20 (02) Use Of External Information Systems - Portable Storage Devices
- AC-21 Information Sharing
- AC-23 Data Mining Protection