NIST CSF 2.0 Category

PR.AA Identity Management, Authentication, and Access Control

PR Protect | Control identity lifecycle and least-privilege access.

Implementation Objective

Limit unauthorized access by enforcing trusted identity processes and least privilege throughout account lifecycles.

Implementation Actions

Enforce MFA and conditional access.
Manage role-based access model.
Automate joiner/mover/leaver workflow.

Evidence Examples

RBAC matrix
Identity lifecycle records
Privileged access review

Suggested Metrics

MFA coverage
Overprivileged account reduction

Framework Crosswalk

Direct mappings for this CSF category into NIST SP 800-171 family sections and CIS Controls v8 implementation domains.

NIST SP 800-171 Families

CIS Controls v8

Navigation

Back to NIST CSF 2.0 Categories CIS Controls v8 Guidance FedRAMP Guidance Cybersecurity Glossary