NIST CSF 2.0 · PR Protect

PR.AA-05 Access permissions and authorizations enforced

Access permissions, entitlements and authorizations are defined, managed and enforced under least privilege and separation of duties.

Mapped across 16 provisions

Equivalent and related requirements in other frameworks and regulations.

PCI DSSEquivalentOfficial mapping
Source: PCI DSS v4.0 / NIST CSF 2.0
Req. 7 Restrict access by business need to know
Access control & identity
CIS Controls v8EquivalentCurated
6.1 Establish an access granting process
Access control & identity
Cyber EssentialsEquivalentCurated
CE-3 User access control
Access control & identity
DORAPartialCurated
Art. 9 Protection and prevention
Access control & identity
Essential EightPartialCurated
E8-3 Multi-factor authentication
Access control & identity
Essential EightPartialCurated
E8-4 Restrict administrative privileges
Access control & identity
GLBAEquivalentCurated
§314.4(c)(1) Access controls
Access control & identity
HIPAAEquivalentCurated
§164.312(a)(1) Access control
Access control & identity
ISO 27001EquivalentCurated
A.5.15 Access control
Access control & identity
ISO 27001EquivalentCurated
A.5.16 Identity management
Access control & identity
NIS2PartialCurated
Art. 21(2)(i) Access control and asset management
Access control & identity
NIST 800-171EquivalentCurated
3.1.1 Limit system access to authorized users
Access control & identity
NIST 800-53EquivalentCurated
AC-2 Account management
Access control & identity
NIST CSF 2.0EquivalentCurated
PR.AA-01 Identities and credentials managed
Access control & identity
PCI DSSEquivalentCurated
Req. 8 Identify users and authenticate access
Access control & identity
SOC 2EquivalentCurated
CC6.1 Logical access security controls
Access control & identity