You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Critical Control 5 - Controlled Use of Administrative Privileges
Track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.
PR.AC-1 Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
PR.AC-2 Physical access to assets is managed and protected
PR.AC-3 Remote access is managed
PR.AC-4 Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
PR.AC-5 Network integrity is protected (e.g., network segregation, network segmentation)
PR.AC-6 Identities are proofed and bound to credentials and asserted in interactions
PR.AC-7 Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)