Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Access Control
  4. >SP800-53-AC-23
SP800-53-AC-23Active

Data Mining Protection

Statement

Employ techniques for data storage objects to detect and protect against unauthorized data mining.

Location

Control Family
Access Control

Control Details

Identifier
SP800-53-AC-23
Family
AC

Organisation-Defined Parameters

ac-23_odp.01
techniques
ac-23_odp.02
data storage objects

Supplemental Guidance

Data mining is an analytical process that attempts to find correlations or patterns in large data sets for the purpose of data or knowledge discovery. Data storage objects include database records and database fields. Sensitive information can be extracted from data mining operations. When information is personally identifiable information, it may lead to unanticipated revelations about individuals and give rise to privacy risks. Prior to performing data mining activities, organizations determine whether such activities are authorized. Organizations may be subject to applicable laws, executive orders, directives, regulations, or policies that address data mining requirements. Organizational personnel consult with the senior agency official for privacy and legal counsel regarding such requirements.

Data mining prevention and detection techniques include limiting the number and frequency of database queries to increase the work factor needed to determine the contents of databases, limiting types of responses provided to database queries, applying differential privacy techniques or homomorphic encryption, and notifying personnel when atypical database queries or accesses occur. Data mining protection focuses on protecting information from data mining while such information resides in organizational data stores. In contrast, AU-13 focuses on monitoring for organizational information that may have been mined or otherwise obtained from data stores and is available as open-source information residing on external sites, such as social networking or social media websites.

EO 13587 requires the establishment of an insider threat program for deterring, detecting, and mitigating insider threats, including the safeguarding of sensitive information from exploitation, compromise, or other unauthorized disclosure. Data mining protection requires organizations to identify appropriate techniques to prevent and detect unnecessary or unauthorized data mining. Data mining can be used by an insider to collect organizational information for the purpose of exfiltration.

Assessment Objective

techniques are employed for data storage objects to detect and protect against unauthorized data mining.

ATTACK
ATTACK-T1567relatedvia ctid-attack-to-sp800-53
ATTACK-T1025relatedvia ctid-attack-to-sp800-53
ATTACK-T1041relatedvia ctid-attack-to-sp800-53
ATTACK-T1048relatedvia ctid-attack-to-sp800-53
ATTACK-T1048.002relatedvia ctid-attack-to-sp800-53
View in graphReport an issue
← Back to Access Control
Access Control147 controls
SP800-53-AC-1Policy and ProceduresSP800-53-AC-2Account ManagementSP800-53-AC-2(1)Automated System Account ManagementSP800-53-AC-2(2)Automated Temporary and Emergency Account ManagementSP800-53-AC-2(3)Disable AccountsSP800-53-AC-2(4)Automated Audit ActionsSP800-53-AC-2(5)Inactivity LogoutSP800-53-AC-2(6)Dynamic Privilege ManagementSP800-53-AC-2(7)Privileged User AccountsSP800-53-AC-2(8)Dynamic Account ManagementSP800-53-AC-2(9)Restrictions on Use of Shared and Group AccountsSP800-53-AC-2(10)Shared and Group Account Credential ChangeSP800-53-AC-2(11)Usage ConditionsSP800-53-AC-2(12)Account Monitoring for Atypical UsageSP800-53-AC-2(13)Disable Accounts for High-risk IndividualsSP800-53-AC-3Access EnforcementSP800-53-AC-3(1)Restricted Access to Privileged FunctionsSP800-53-AC-3(2)Dual AuthorizationSP800-53-AC-3(3)Mandatory Access ControlSP800-53-AC-3(4)Discretionary Access ControlSP800-53-AC-3(5)Security-relevant InformationSP800-53-AC-3(6)Protection of User and System InformationSP800-53-AC-3(7)Role-based Access ControlSP800-53-AC-3(8)Revocation of Access AuthorizationsSP800-53-AC-3(9)Controlled ReleaseSP800-53-AC-3(10)Audited Override of Access Control MechanismsSP800-53-AC-3(11)Restrict Access to Specific Information TypesSP800-53-AC-3(12)Assert and Enforce Application AccessSP800-53-AC-3(13)Attribute-based Access ControlSP800-53-AC-3(14)Individual AccessSP800-53-AC-3(15)Discretionary and Mandatory Access ControlSP800-53-AC-4Information Flow EnforcementSP800-53-AC-4(1)Object Security and Privacy AttributesSP800-53-AC-4(2)Processing DomainsSP800-53-AC-4(3)Dynamic Information Flow ControlSP800-53-AC-4(4)Flow Control of Encrypted InformationSP800-53-AC-4(5)Embedded Data TypesSP800-53-AC-4(6)MetadataSP800-53-AC-4(7)One-way Flow MechanismsSP800-53-AC-4(8)Security and Privacy Policy FiltersSP800-53-AC-4(9)Human ReviewsSP800-53-AC-4(10)Enable and Disable Security or Privacy Policy FiltersSP800-53-AC-4(11)Configuration of Security or Privacy Policy FiltersSP800-53-AC-4(12)Data Type IdentifiersSP800-53-AC-4(13)Decomposition into Policy-relevant SubcomponentsSP800-53-AC-4(14)Security or Privacy Policy Filter ConstraintsSP800-53-AC-4(15)Detection of Unsanctioned InformationSP800-53-AC-4(16)Information Transfers on Interconnected SystemsSP800-53-AC-4(17)Domain AuthenticationSP800-53-AC-4(18)Security Attribute BindingSP800-53-AC-4(19)Validation of MetadataSP800-53-AC-4(20)Approved SolutionsSP800-53-AC-4(21)Physical or Logical Separation of Information FlowsSP800-53-AC-4(22)Access OnlySP800-53-AC-4(23)Modify Non-releasable InformationSP800-53-AC-4(24)Internal Normalized FormatSP800-53-AC-4(25)Data SanitizationSP800-53-AC-4(26)Audit Filtering ActionsSP800-53-AC-4(27)Redundant/Independent Filtering MechanismsSP800-53-AC-4(28)Linear Filter PipelinesSP800-53-AC-4(29)Filter Orchestration EnginesSP800-53-AC-4(30)Filter Mechanisms Using Multiple ProcessesSP800-53-AC-4(31)Failed Content Transfer PreventionSP800-53-AC-4(32)Process Requirements for Information TransferSP800-53-AC-5Separation of DutiesSP800-53-AC-6Least PrivilegeSP800-53-AC-6(1)Authorize Access to Security FunctionsSP800-53-AC-6(2)Non-privileged Access for Nonsecurity FunctionsSP800-53-AC-6(3)Network Access to Privileged CommandsSP800-53-AC-6(4)Separate Processing DomainsSP800-53-AC-6(5)Privileged AccountsSP800-53-AC-6(6)Privileged Access by Non-organizational UsersSP800-53-AC-6(7)Review of User PrivilegesSP800-53-AC-6(8)Privilege Levels for Code ExecutionSP800-53-AC-6(9)Log Use of Privileged FunctionsSP800-53-AC-6(10)Prohibit Non-privileged Users from Executing Privileged FunctionsSP800-53-AC-7Unsuccessful Logon AttemptsSP800-53-AC-7(1)Automatic Account LockSP800-53-AC-7(2)Purge or Wipe Mobile DeviceSP800-53-AC-7(3)Biometric Attempt LimitingSP800-53-AC-7(4)Use of Alternate Authentication FactorSP800-53-AC-8System Use NotificationSP800-53-AC-9Previous Logon NotificationSP800-53-AC-9(1)Unsuccessful LogonsSP800-53-AC-9(2)Successful and Unsuccessful LogonsSP800-53-AC-9(3)Notification of Account ChangesSP800-53-AC-9(4)Additional Logon InformationSP800-53-AC-10Concurrent Session ControlSP800-53-AC-11Device LockSP800-53-AC-11(1)Pattern-hiding DisplaysSP800-53-AC-12Session TerminationSP800-53-AC-12(1)User-initiated LogoutsSP800-53-AC-12(2)Termination MessageSP800-53-AC-12(3)Timeout Warning MessageSP800-53-AC-13Supervision and Review — Access ControlSP800-53-AC-14Permitted Actions Without Identification or AuthenticationSP800-53-AC-14(1)Necessary UsesSP800-53-AC-15Automated MarkingSP800-53-AC-16Security and Privacy AttributesSP800-53-AC-16(1)Dynamic Attribute AssociationSP800-53-AC-16(2)Attribute Value Changes by Authorized IndividualsSP800-53-AC-16(3)Maintenance of Attribute Associations by SystemSP800-53-AC-16(4)Association of Attributes by Authorized IndividualsSP800-53-AC-16(5)Attribute Displays on Objects to Be OutputSP800-53-AC-16(6)Maintenance of Attribute AssociationSP800-53-AC-16(7)Consistent Attribute InterpretationSP800-53-AC-16(8)Association Techniques and TechnologiesSP800-53-AC-16(9)Attribute Reassignment — Regrading MechanismsSP800-53-AC-16(10)Attribute Configuration by Authorized IndividualsSP800-53-AC-17Remote AccessSP800-53-AC-17(1)Monitoring and ControlSP800-53-AC-17(2)Protection of Confidentiality and Integrity Using EncryptionSP800-53-AC-17(3)Managed Access Control PointsSP800-53-AC-17(4)Privileged Commands and AccessSP800-53-AC-17(5)Monitoring for Unauthorized ConnectionsSP800-53-AC-17(6)Protection of Mechanism InformationSP800-53-AC-17(7)Additional Protection for Security Function AccessSP800-53-AC-17(8)Disable Nonsecure Network ProtocolsSP800-53-AC-17(9)Disconnect or Disable AccessSP800-53-AC-17(10)Authenticate Remote CommandsSP800-53-AC-18Wireless AccessSP800-53-AC-18(1)Authentication and EncryptionSP800-53-AC-18(2)Monitoring Unauthorized ConnectionsSP800-53-AC-18(3)Disable Wireless NetworkingSP800-53-AC-18(4)Restrict Configurations by UsersSP800-53-AC-18(5)Antennas and Transmission Power LevelsSP800-53-AC-19Access Control for Mobile DevicesSP800-53-AC-19(1)Use of Writable and Portable Storage DevicesSP800-53-AC-19(2)Use of Personally Owned Portable Storage DevicesSP800-53-AC-19(3)Use of Portable Storage Devices with No Identifiable OwnerSP800-53-AC-19(4)Restrictions for Classified InformationSP800-53-AC-19(5)Full Device or Container-based EncryptionSP800-53-AC-20Use of External SystemsSP800-53-AC-20(1)Limits on Authorized UseSP800-53-AC-20(2)Portable Storage Devices — Restricted UseSP800-53-AC-20(3)Non-organizationally Owned Systems — Restricted UseSP800-53-AC-20(4)Network Accessible Storage Devices — Prohibited UseSP800-53-AC-20(5)Portable Storage Devices — Prohibited UseSP800-53-AC-21Information SharingSP800-53-AC-21(1)Automated Decision SupportSP800-53-AC-21(2)Information Search and RetrievalSP800-53-AC-22Publicly Accessible ContentSP800-53-AC-23Data Mining ProtectionSP800-53-AC-24Access Control DecisionsSP800-53-AC-24(1)Transmit Access Authorization InformationSP800-53-AC-24(2)No User or Process IdentitySP800-53-AC-25Reference Monitor