ISO 27001 · A.5 Organizational

A.5.15 Access control

Establish and implement rules to control physical and logical access to information based on business and security requirements.

Mapped across 17 provisions

Equivalent and related requirements in other frameworks and regulations.

CIS Controls v8EquivalentOfficial mapping
Source: CIS Controls v8 / ISO/IEC 27001
6.1 Establish an access granting process
Access control & identity
CIS Controls v8PartialOfficial mapping
Source: CIS Controls v8 / ISO/IEC 27001
5.1 Establish and maintain an inventory of accounts
NIST 800-53EquivalentOfficial mapping
Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
AC-2 Account management
Access control & identity
Cyber EssentialsEquivalentCurated
CE-3 User access control
Access control & identity
DORAPartialCurated
Art. 9 Protection and prevention
Access control & identity
Essential EightPartialCurated
E8-3 Multi-factor authentication
Access control & identity
Essential EightPartialCurated
E8-4 Restrict administrative privileges
Access control & identity
GLBAEquivalentCurated
§314.4(c)(1) Access controls
Access control & identity
HIPAAEquivalentCurated
§164.312(a)(1) Access control
Access control & identity
ISO 27001EquivalentCurated
A.5.16 Identity management
Access control & identity
NIS2PartialCurated
Art. 21(2)(i) Access control and asset management
Access control & identity
NIST 800-171EquivalentCurated
3.1.1 Limit system access to authorized users
Access control & identity
NIST CSF 2.0EquivalentCurated
PR.AA-01 Identities and credentials managed
Access control & identity
NIST CSF 2.0EquivalentCurated
PR.AA-05 Access permissions and authorizations enforced
Access control & identity
PCI DSSEquivalentCurated
Req. 7 Restrict access by business need to know
Access control & identity
PCI DSSEquivalentCurated
Req. 8 Identify users and authenticate access
Access control & identity
SOC 2EquivalentCurated
CC6.1 Logical access security controls
Access control & identity

← All ISO 27001 annex a controls