Protect - Access Management

Tags: cybersecurity, NIST CSF, risk management, small business | Aug 30, 2022

One of the largest components of the NIST Framework falls under the “Protect” function, which provides a series of outcomes to secure your systems. This function supports your ability to reduce the attack surface and limit the impact of cyber events on your systems.

Protecting your organization involves six critical cybersecurity categories:

  • Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes and Procedures
  • Maintenance
  • Protective Technologies

What is the first thing that comes to mind when you hear “access management”? More often than not, it is usernames and passwords. However, here is what you need to know:

  • The credentials must be identified and managed (the entire lifecycle, from creation to deletion)
  • Physical access to your devices also falls under this category
  • Remote access is managed
  • Access permissions are managed using the principle of least privilege
  • Network segmentation is also part of access control
  • Make sure all activities are associated with an individual for audit traceability
  • Based on risk, use multi-factor authentication (MFA) as appropriate

Did you know that Access Control was a lot more involved?



Author: Dr. Bill Souza | Aug 30, 2022 

