← NIST CSF 2.0 in plain English

PR.AA-05

Protect / Identity Management, Authentication, and Access Control

Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties.

Think of it likeSetting house rules for who can access different parts of the home.

In plain English

The family sets rules about who is allowed in certain areas of the house, ensuring that access is limited to those who need it.