Cyber Resilience

NIST CSF 2.0 · All Functions · PR Protect · PR.AA Identity Management, Authentication, and Access Control

PR.AA-05

Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties

Implementation examples

Mapped NIST 800-53 r5 controls (12)

AC-01AC-02AC-03AC-05AC-06AC-10AC-16AC-17AC-18AC-19AC-24IA-13

All informative references (132)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).