💼 AC-1 ACCESS CONTROL POLICY AND PROCEDURES

ID: /frameworks/nist-sp-800-53-r4/ac/01

Description

The organization: AC-1a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: AC-1a.1. An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and AC-1a.2. Procedures to facilitate the implementation of the access control policy and associated access controls; and AC-1b. Reviews and updates the current: AC-1b.1. Access control policy [Assignment: organization-defined frequency]; and AC-1b.2. Access control procedures [Assignment: organization-defined frequency].

Similar

Internal
- ID: dec-c-b8b69730

Similar Sections (Give Policies To)

Section	Internal Rules	Policies	Compliance
💼 NIST CSF v1.1 → 💼 ID.GV-1: Organizational cybersecurity policy is established and communicated			no data
💼 NIST CSF v1.1 → 💼 ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed	1	4	no data
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes	19	34	no data
💼 NIST CSF v1.1 → 💼 PR.AC-3: Remote access is managed		22	no data
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties	17	56	no data
💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions	4	13	no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections