CIS Controls v8

CIS 6 Access Control Management

Starts in IG1 | Enforce least privilege and strong authentication.

Implementation Actions

Implement MFA and conditional access.
Use role-based authorization.
Recertify access periodically.

Evidence Examples

RBAC matrix
MFA policy/config records
Access certification outputs

Suggested Metrics

MFA coverage
Overprivileged access reduction

Navigation

Back to All 18 CIS Controls NIST CSF 2.0 Guidance FedRAMP Guidance Cybersecurity Glossary