Control domain
Access control & identity
Granting, restricting and authenticating access to systems and data based on need-to-know.
17 requirements across 13 frameworks & regulations.
- ISO 27001 (Equivalent): A.5.15 Access control
- ISO 27001 (Equivalent): A.5.16 Identity management
- NIST CSF 2.0 (Equivalent): PR.AA-01 Identities and credentials managed
- NIST CSF 2.0 (Equivalent): PR.AA-05 Access permissions and authorizations enforced
- CIS Controls v8 (Equivalent): 6.1 Establish an access granting process
- SOC 2 (Equivalent): CC6.1 Logical access security controls
- NIST 800-53 (Equivalent): AC-2 Account management
- NIST 800-171 (Equivalent): 3.1.1 Limit system access to authorized users
- PCI DSS (Equivalent): Req. 7 Restrict access by business need to know
- PCI DSS (Equivalent): Req. 8 Identify users and authenticate access
- HIPAA (Equivalent): §164.312(a)(1) Access control
- GLBA (Equivalent): §314.4(c)(1) Access controls
- Cyber Essentials (Equivalent): CE-3 User access control
- Essential Eight (Partial): E8-3 Multi-factor authentication
- Essential Eight (Partial): E8-4 Restrict administrative privileges
- DORA (Partial): Art. 9 Protection and prevention