💼 Identity Management, Authentication, and Access Control (PR.AA)
- ID: /frameworks/nist-csf-v2.0/pr-aa
Description
Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access.
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization | | | 42 | | no data |
| 💼 PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions | | | 13 | | no data |
| 💼 PR.AA-03: Users, services, and hardware are authenticated | | | 53 | | no data |
| 💼 PR.AA-04: Identity assertions are protected, conveyed, and verified | | | | | no data |
| 💼 PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties | | | 116 | | no data |
| 💼 PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk | | | 44 | | no data |