
PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties

Control Description

This identity management, authentication, and access control subcategory ensures that access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties. Key activities include: Review logical and physical access privileges periodically and whenever someone changes roles or leaves the organization, and promptly rescind priv...; Take attributes of the requester and the requested resource into account for authorization decisions (e; Restrict access and privileges to the minimum necessary (e.

Cross-Framework Mappings

Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

CCC-04
CEK-10
CEK-11
CEK-12
CEK-13
CEK-14
CEK-15
CEK-16
+24 more

CIS Controls v8.0

3.3
6.8

CIS Controls v8.1

3.3
5.1
6.8

CRI Profile v2.0

PR.AA-05
PR.AA-05.01
PR.AA-05.02
PR.AA-05.03
PR.AA-05.04

CSF v1.1

PR.AC-1
PR.AC-3
PR.AC-4

ISO/IEC 27001:2022

Mandatory Clause: None
Annex A Controls: 5.1
Annex A Controls: 5.3
Annex A Controls: 5.14
Annex A Controls: 5.15
Annex A Controls: 5.16
Annex A Controls: 5.17
Annex A Controls: 5.18
+4 more

NICE Framework

DD-WRL-001
DD-WRL-004
IO-WRL-003
IO-WRL-005
OG-WRL-002
OG-WRL-013
OG-WRL-014
PD-WRL-004

PCI DSS

7.2.2
7.2.4
7.2.5.1
8.2.6
12.1.3
8.1.1
7.1.1
7.2.1

SCF

HRS-02
HRS-11
IAC-01
IAC-01.2
IAC-02
IAC-03
IAC-04
IAC-05
+2 more

SP 800-171 Rev 3

03.01.01
03.01.02
03.01.04
03.01.05
03.01.06
03.01.07
03.01.12
03.01.16
+3 more

SP 800-218

PO.5.2
PS.1.1

SP 800-53 Rev 5.1.1

AC-01
AC-02
AC-03
AC-05
AC-06
AC-10
AC-16
AC-17
+4 more

SP 800-53 Rev 5.2.0

AC-01
AC-02
AC-03
AC-05
AC-06
AC-10
AC-16
AC-17
+4 more
