IAM-04: Policies and Procedures

Control Family:

CSF v1.1 References:

ID.GV-1
PR.AC-1
PR.AC-4

PF v1.0 References:

GV.PO-P1
PR.AC-P1
PR.AC-P4

Control Statement

Policies and procedures shall be established to store and manage identity information about every person who accesses IT infrastructure and to determine their level of access. Policies shall also be developed to control access to network resources based on user identity.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4