GLBA · Elements of the information security program

§314.4(c)(1) Access controls

Implement and periodically review access controls, limiting access to customer information to those who need it.

Mapped across 16 provisions

Equivalent and related requirements in other frameworks and regulations.

CIS Controls v8EquivalentCurated
6.1 Establish an access granting process
Access control & identity
Cyber EssentialsEquivalentCurated
CE-3 User access control
Access control & identity
DORAPartialCurated
Art. 9 Protection and prevention
Access control & identity
Essential EightPartialCurated
E8-3 Multi-factor authentication
Access control & identity
Essential EightPartialCurated
E8-4 Restrict administrative privileges
Access control & identity
HIPAAEquivalentCurated
§164.312(a)(1) Access control
Access control & identity
ISO 27001EquivalentCurated
A.5.15 Access control
Access control & identity
ISO 27001EquivalentCurated
A.5.16 Identity management
Access control & identity
NIS2PartialCurated
Art. 21(2)(i) Access control and asset management
Access control & identity
NIST 800-171EquivalentCurated
3.1.1 Limit system access to authorized users
Access control & identity
NIST 800-53EquivalentCurated
AC-2 Account management
Access control & identity
NIST CSF 2.0EquivalentCurated
PR.AA-01 Identities and credentials managed
Access control & identity
NIST CSF 2.0EquivalentCurated
PR.AA-05 Access permissions and authorizations enforced
Access control & identity
PCI DSSEquivalentCurated
Req. 7 Restrict access by business need to know
Access control & identity
PCI DSSEquivalentCurated
Req. 8 Identify users and authenticate access
Access control & identity
SOC 2EquivalentCurated
CC6.1 Logical access security controls
Access control & identity