Identity Management, Authentication, and Access Control (PR.AA)

Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access

Subcategories

PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization

PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions

PR.AA-03: Users, services, and hardware are authenticated

PR.AA-04: Identity assertions are protected, conveyed, and verified

PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties

PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk