PR.AC-P: Identity Management, Authentication, And Access Control


Access to data and devices is limited to authorized individuals, processes, and devices, and is managed consistent with the assessed risk of unauthorized access.

Framework Subcategories

PR.AC-P3: Remote access is managed

[ Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.