NIST CSF: PR.AC-4 Subcategory
From NIST's Cyber Security Framework (version 1):
Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Management of privileged access rights (9.2.3)
ISO 27001:2013 -
Use of privileged utility programs (9.4.4)
ISO 27001:2013 -
Access control to program source code (9.4.5)
ISO 27001:2013 -
Information access restriction (9.4.1)
ISO 27001:2013 -
Segregation of duties (6.1.2)
ISO 27001:2013 -
Access to networks and network services (9.1.2)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Control access to information or systems via role-based access accounts (4.3.3.7.3)
ISA/IEC 62443-2-1:2009 -
Authorization enforcement (SR 2.1)
ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1087.004 | Cloud Account | Discovery |
| T1197 | BITS Jobs | Defense Evasion, Persistence |
| T1538 | Cloud Service Dashboard | Discovery |
| T1552.006 | Group Policy Preferences | Credential Access |
| T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1559.001 | Component Object Model | Execution |
| T1569.002 | Service Execution | Execution |
| T1213.003 | Code Repositories | Collection |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1562.006 | Indicator Blocking | Defense Evasion |
| T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
| T1601.001 | Patch System Image | Defense Evasion |
| T1606.001 | Web Cookies | Credential Access |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1003.002 | Security Account Manager | Credential Access |
| T1218 | System Binary Proxy Execution | Defense Evasion |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1543.004 | Launch Daemon | Persistence, Privilege Escalation |
| T1601 | Modify System Image | Defense Evasion |
| T1003.006 | DCSync | Credential Access |
| T1025 | Data from Removable Media | Collection |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1003.003 | NTDS | Credential Access |
| T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1569 | System Services | Execution |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1222 | File and Directory Permissions Modification | Defense Evasion |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1070.003 | Clear Command History | Defense Evasion |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1005 | Data from Local System | Collection |
| T1547.012 | Print Processors | Persistence, Privilege Escalation |
| T1562.002 | Disable Windows Event Logging | Defense Evasion |
| T1505.005 | Terminal Services DLL | Persistence |
| T1606.002 | SAML Tokens | Credential Access |
| T1556.006 | Multi-Factor Authentication | Credential Access, Defense Evasion, Persistence |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1612 | Build Image on Host | Defense Evasion |
| T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
| T1134.002 | Create Process with Token | Defense Evasion, Privilege Escalation |
| T1185 | Browser Session Hijacking | Collection |
| T1552.001 | Credentials In Files | Credential Access |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1552.002 | Credentials in Registry | Credential Access |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B2.d | Identity and Access Management (IdAM) | You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function. |
| B2.a | Identity Verification, Authentication and Authorisation | You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function. |
| B2.b | Device Management | You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function. |
| B2.c | Privileged User Management | You closely manage privileged user access to networks and information systems supporting the essential function. |