N
|
control familyAC

Access Control (AC)

Access Control - Contains 25 controls and 122 control enhancements.

25
Controls
122
Enhancements
access-controlauthorizationleast-privilege

Why These Connect

Maps To3

These are equivalent or closely aligned requirements in other frameworks.

Access Control maps to ISO 27001 Annex A.9 Access Control

Addresses Topic3

This control is relevant to the linked cybersecurity topic area.

Access Control family is the primary control set for identity and access management

Implements1

These controls provide the technical implementation for the linked requirement.

Identity Management also relates to Access Control policies

Implementing Controls

PR.AAIdentity Management, Authentication and Access Control (PR.AA)

Cross-Framework Mappings

ISO 27001ISO/IEC 27001:2022
CIS v8.1CIS Controls v8.1
CMMC 2.0CMMC 2.0

Controls(25)

AC-1Policy and Procedures (AC-1)
LMH
AC-2Account Management (AC-2)
LMH
AC-3Access Enforcement (AC-3)
LMH
AC-4Information Flow Enforcement (AC-4)
MH
AC-5Separation of Duties (AC-5)
MH
AC-6Least Privilege (AC-6)
MH
AC-7Unsuccessful Logon Attempts (AC-7)
LMH
AC-8System Use Notification (AC-8)
LMH
AC-9Previous Logon Notification (AC-9)
AC-10Concurrent Session Control (AC-10)
H
AC-11Device Lock (AC-11)
MH
AC-12Session Termination (AC-12)
MH
AC-13Supervision and Review — Access Control (AC-13)W
AC-14Permitted Actions Without Identification or Authentication (AC-14)
LMH
AC-15Automated Marking (AC-15)W
AC-16Security and Privacy Attributes (AC-16)
AC-17Remote Access (AC-17)
LMH
AC-18Wireless Access (AC-18)
LMH
AC-19Access Control for Mobile Devices (AC-19)
LMH
AC-20Use of External Systems (AC-20)
LMH
AC-21Information Sharing (AC-21)
MH
AC-22Publicly Accessible Content (AC-22)
LMH
AC-23Data Mining Protection (AC-23)
AC-24Access Control Decisions (AC-24)
AC-25Reference Monitor (AC-25)

See Also

📊View in HeatmapCompare Baselines🛡Threat Coverage