💼 Identity Management, Authentication, and Access Control (PR.AA)
- Contextual name: 💼 Identity Management, Authentication, and Access Control (PR.AA)
- ID: /frameworks/nist-csf-v2.0/pr-aa
- Located in: 💼 NIST CSF v2.0
Description
Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access.
Similar
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization | | | 23 | |
| 💼 PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions | | | 8 | |
| 💼 PR.AA-03: Users, services, and hardware are authenticated | | | 22 | |
| 💼 PR.AA-04: Identity assertions are protected, conveyed, and verified | | | | |
| 💼 PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties | | | 58 | |
| 💼 PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk | | | 13 | |