IEF-RA 2.0b2 FTF

IEFRA2 — AC Features

  • Key: IEFRA2-40
  • Status: open
  • Source: Advanced Systems Management Group Ltd. (Mr. Michael Abramson)
  • Summary:

    3.3.2 Weak Explanation of Conventional Access Control Failures
    It's not entirely clear whether the section is referring to network/system-level access controls or file/data-level access controls. The phrase "once a user gains access, they may have broad, unchecked access to data" could be interpreted as referring to file permissions, shared drives, or database access, rather than network/system access.
    Suggest:
    "Traditional access control models primarily enforce security at the network or system level, restricting access at the perimeter but offering limited control over individual data elements. Once a user gains entry to a secured environment—such as a classified network, a protected enclave, or a shared system—they often receive broad, unchecked access to vast amounts of information. This approach lacks the fine-grained policy enforcement required for modern, dynamic multi-organization environments, where trust relationships and security requirements shift based on mission needs and real-time risk factors."

  • Reported: IEF-RA 2.0a1 — Mon, 28 Jul 2025 15:30 GMT
  • Updated: Mon, 28 Jul 2025 15:30 GMT