Access Authorizations
PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties
  • Ex1: Review logical and physical access privileges periodically and whenever someone changes roles or leaves the organization, and promptly rescind privileges that are no longer needed
  • Ex2: Take attributes of the requester and the requested resource into account for authorization decisions (e.g., geolocation, day/time, requester endpoint’s cyber health)
  • Ex3: Restrict access and privileges to the minimum necessary (e.g., zero trust architecture)
  • Ex4: Periodically review the privileges associated with critical business functions to confirm proper separation of duties
Description

Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties