NIST 800-53 · AC — Access Control

AC-2 Account management

Manage system accounts, including creation, modification, review and removal.

Mapped across 16 provisions

Equivalent and related requirements in other frameworks and regulations.

HIPAAEquivalentOfficial mapping
Source: HIPAA Security Rule / NIST SP 800-53 Rev. 5
§164.312(a)(1) Access control
Access control & identity
ISO 27001EquivalentOfficial mapping
Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
A.5.15 Access control
Access control & identity
NIST CSF 2.0EquivalentOfficial mapping
Source: NIST CSF 2.0 / SP 800-53 Rev. 5
PR.AA-01 Identities and credentials managed
Access control & identity
CIS Controls v8EquivalentCurated
6.1 Establish an access granting process
Access control & identity
Cyber EssentialsEquivalentCurated
CE-3 User access control
Access control & identity
DORAPartialCurated
Art. 9 Protection and prevention
Access control & identity
Essential EightPartialCurated
E8-3 Multi-factor authentication
Access control & identity
Essential EightPartialCurated
E8-4 Restrict administrative privileges
Access control & identity
GLBAEquivalentCurated
§314.4(c)(1) Access controls
Access control & identity
ISO 27001EquivalentCurated
A.5.16 Identity management
Access control & identity
NIS2PartialCurated
Art. 21(2)(i) Access control and asset management
Access control & identity
NIST 800-171EquivalentCurated
3.1.1 Limit system access to authorized users
Access control & identity
NIST CSF 2.0EquivalentCurated
PR.AA-05 Access permissions and authorizations enforced
Access control & identity
PCI DSSEquivalentCurated
Req. 7 Restrict access by business need to know
Access control & identity
PCI DSSEquivalentCurated
Req. 8 Identify users and authenticate access
Access control & identity
SOC 2EquivalentCurated
CC6.1 Logical access security controls
Access control & identity

← All NIST 800-53 controls