CIS Controls v8 · Control 6: Access Control Management
6.1 Establish an access granting process
Establish and follow a process for granting access to enterprise assets upon new hire or role change.
Mapped across 14 provisions
Equivalent and related requirements in other frameworks and regulations.
- ISO 27001EquivalentOfficial mapping
Source: CIS Controls v8 / ISO/IEC 27001
A.5.15 Access controlAccess control & identity
- NIST CSF 2.0EquivalentOfficial mapping
Source: CIS Controls v8 / NIST CSF 2.0
PR.AA-01 Identities and credentials managedAccess control & identity
- Cyber EssentialsEquivalentCuratedCE-3 User access control
Access control & identity
- DORAPartialCuratedArt. 9 Protection and prevention
Access control & identity
- Essential EightPartialCuratedE8-3 Multi-factor authentication
Access control & identity
- Essential EightPartialCuratedE8-4 Restrict administrative privileges
Access control & identity
- GLBAEquivalentCurated§314.4(c)(1) Access controls
Access control & identity
- HIPAAEquivalentCurated§164.312(a)(1) Access control
Access control & identity
- NIS2PartialCuratedArt. 21(2)(i) Access control and asset management
Access control & identity
- NIST 800-171EquivalentCurated3.1.1 Limit system access to authorized users
Access control & identity
- NIST 800-53EquivalentCuratedAC-2 Account management
Access control & identity
- PCI DSSEquivalentCuratedReq. 7 Restrict access by business need to know
Access control & identity
- PCI DSSEquivalentCuratedReq. 8 Identify users and authenticate access
Access control & identity
- SOC 2EquivalentCuratedCC6.1 Logical access security controls
Access control & identity