💼 Identity Management, Authentication, and Access Control (PR.AA)
- Contextual name: 💼 Identity Management, Authentication, and Access Control (PR.AA)
- ID: /frameworks/nist-csf-v2.0/pr-aa
- Located in: 💼 NIST CSF v2.0
Description
Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access.
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization | | | 38 | |
💼 PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions | | | 13 | |
💼 PR.AA-03: Users, services, and hardware are authenticated | | | 32 | |
💼 PR.AA-04: Identity assertions are protected, conveyed, and verified | | | | |
💼 PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties | | | 91 | |
💼 PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk | | | 22 | |