Skip to content
    Home / Function (NIST CSF 2.0) / PR - Protect

    AC – Access Control

    NIST CSF Function PR.AA
    In Identity and Access Management (IAM) and access control, normative documents are crucial for defining how users, devices, and applications are authenticated, authorized, and audited. Standards such as ISO/IEC 27001 and ISO/IEC 27002 provide guidance on access control policies, user lifecycle management, and segregation of duties, while NIST SP 800-63 outlines digital identity guidelines and authentication frameworks. Regulatory frameworks like the EU NIS2 Directive or sector-specific laws such as HIPAA in healthcare require organizations to enforce strict access controls to protect sensitive data. By following these standards and regulations, organizations can prevent unauthorized access, enforce least-privilege principles, and maintain compliance with legal and industry expectations.

    ANSSI Recommendations for Secure Administration of AD-based IS (FRENCH)

    The ANSSI document “Recommandations pour l’administration sécurisée des SI reposant sur Active Directory” provides comprehensive guidance to secure information systems (SI) that rely on Microsoft’s Active Directory (AD). It emphasizes… Read More »ANSSI Recommendations for Secure Administration of AD-based IS (FRENCH)

    ANSSI Recommendations for Multi-Factor Authentication and Passwords

    The ANSSI guide “Recommandations relatives à l’authentification multifacteur et aux mots de passe” provides comprehensive security recommendations focused on authentication methods. It strongly advocates for the use of multifactor authentication… Read More »ANSSI Recommendations for Multi-Factor Authentication and Passwords