Critical Control 14 - Controlled Access Based on the Need to Know
Track, control, prevent, correct, and secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.
PR.AC-1 Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
PR.AC-2 Physical access to assets is managed and protected
PR.AC-3 Remote access is managed
PR.AC-4 Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
PR.AC-5 Network integrity is protected (e.g., network segregation, network segmentation)
PR.AC-6 Identities are proofed and bound to credentials and asserted in interactions
PR.AC-7 Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)