AC-1 Access Control

Access Control Policy and Procedures

Medium Priority | Intermediate Level | NIST CSF

The organization develops, documents, and disseminates access control policy and procedures that address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Implementation Guidance

Develop comprehensive access control policies that define who can access what resources, under what conditions, and for what purposes. Include procedures for granting, modifying, and revoking access rights.

Best Practices

Implement role-based access control (RBAC), conduct regular access reviews, maintain detailed access logs, and apply the principle of least privilege.

Testing Procedures

Review access control policies, test access provisioning and deprovisioning procedures, and verify that access logs are maintained.

Related Guidelines

AC-2, AC-3, AC-4, AC-5, AC-6