NIST CSF 2.0 · PR Protect
PR.AA-01 Identities and credentials managed
Identities and credentials for authorized users, services and hardware are managed by the organization.
Mapped across 16 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8EquivalentOfficial mapping
Source: CIS Controls v8 / NIST CSF 2.0
6.1 Establish an access granting processAccess control & identity
- NIST 800-53EquivalentOfficial mapping
Source: NIST CSF 2.0 / SP 800-53 Rev. 5
AC-2 Account managementAccess control & identity
- PCI DSSEquivalentOfficial mapping
Source: PCI DSS v4.0 / NIST CSF 2.0
Req. 8 Identify users and authenticate accessAccess control & identity
- Cyber EssentialsEquivalentCuratedCE-3 User access control
Access control & identity
- DORAPartialCuratedArt. 9 Protection and prevention
Access control & identity
- Essential EightPartialCuratedE8-3 Multi-factor authentication
Access control & identity
- Essential EightPartialCuratedE8-4 Restrict administrative privileges
Access control & identity
- GLBAEquivalentCurated§314.4(c)(1) Access controls
Access control & identity
- HIPAAEquivalentCurated§164.312(a)(1) Access control
Access control & identity
- ISO 27001EquivalentCuratedA.5.15 Access control
Access control & identity
- ISO 27001EquivalentCuratedA.5.16 Identity management
Access control & identity
- NIS2PartialCuratedArt. 21(2)(i) Access control and asset management
Access control & identity
- NIST 800-171EquivalentCurated3.1.1 Limit system access to authorized users
Access control & identity
- NIST CSF 2.0EquivalentCuratedPR.AA-05 Access permissions and authorizations enforced
Access control & identity
- PCI DSSEquivalentCuratedReq. 7 Restrict access by business need to know
Access control & identity
- SOC 2EquivalentCuratedCC6.1 Logical access security controls
Access control & identity