Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect

AC – Access Control

NIST CSF Function PR.AA
In Identity and Access Management (IAM) and access control, normative documents are crucial for defining how users, devices, and applications are authenticated, authorized, and audited. Standards such as ISO/IEC 27001 and ISO/IEC 27002 provide guidance on access control policies, user lifecycle management, and segregation of duties, while NIST SP 800-63 outlines digital identity guidelines and authentication frameworks. Regulatory frameworks like the EU NIS2 Directive or sector-specific laws such as HIPAA in healthcare require organizations to enforce strict access controls to protect sensitive data. By following these standards and regulations, organizations can prevent unauthorized access, enforce least-privilege principles, and maintain compliance with legal and industry expectations.

ANSSI Recommendations for Multi-Factor Authentication and Passwords

The ANSSI guide “Recommandations relatives à l’authentification multifacteur et aux mots de passe” provides comprehensive security recommendations focused on authentication methods. It strongly advocates for the use of multifactor authentication… Read More »ANSSI Recommendations for Multi-Factor Authentication and Passwords