Does NIST Cybersecurity Framework require Access Control?
Yes — 1 provision
Access Control (PR.AA)
"CSF 2.0 consolidated identity and access management into a single **PR.AA** subcategory, clarifying that authentication and authorization are inseparable."
Requirements
| Requirement | Details |
|---|---|
| Identity management | Manage identities and credentials for authorized users |
| Access enforcement | Enforce access permissions based on policies |
Sources: NIST CSF 2.0