Definition
Mechanism that determines whether a principal is permitted to perform a specific action on a specific resource. Includes authorization decisions (RBAC, ABAC, PBAC), enforcement at policy enforcement points, and audit of access events. Foundation for compliance frameworks (PCI DSS, HIPAA, SOX, SOC 2).
- Application
  - MidPoint: Access control is an abstract concept of controlling access of users to applications.
- Standards & regulations
  - NIST SP 800-53 Rev. 5: «Access control policy and procedures address the controls in the AC family that are implemented within systems and organizations.»
  - NIST SP 800-162: «Attribute based access control (ABAC) is an access control methodology where authorizations are granted based on attributes.»
- Sources
  - NIST SP 800-53 Rev. 5 (csrc.nist.gov), primary source
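The three parts the definition names (an attribute-based authorization decision, enforcement at a policy enforcement point, and an audit record of each access event) as a small added example; it is not code from the glossary or from any product or standard it cites, and the ABAC rules, attribute names and sample principals are constructed:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    """One access request: who (principal), what (action), on which resource."""
    principal: dict  # subject attributes: id, department, clearance
    action: str      # e.g. "read" or "update"
    resource: dict   # object attributes: id, department, sensitivity, owner

# Constructed ABAC rules as (name, action, predicate). Sensitivity and clearance
# are integer levels, 0 meaning public. A request that matches no rule is denied.
POLICY = [
    ("public-read", "read", lambda r: r.resource["sensitivity"] == 0),
    ("dept-read", "read", lambda r: r.principal["department"] == r.resource["department"]
                              and r.principal["clearance"] >= r.resource["sensitivity"]),
    ("owner-update", "update", lambda r: r.principal["id"] == r.resource["owner"]),
]

def decide(req):
    """Policy decision point: evaluate attributes and return (decision, reason).
    Default-deny: a missing attribute or no matching rule never grants access."""
    for name, action, predicate in POLICY:
        if action != req.action:
            continue
        try:
            if predicate(req):
                return "permit", name
        except KeyError as missing:
            return "deny", f"missing attribute {missing}"
    return "deny", "no matching rule"

class EnforcementPoint:
    """Policy enforcement point: asks the decision point, records the event in
    the audit trail, then lets the action proceed or refuses it."""
    def __init__(self):
        self.audit_trail = []  # chronological record of every access event

    def enforce(self, req):
        decision, reason = decide(req)
        self.audit_trail.append({"principal": req.principal["id"], "action": req.action,
                                 "resource": req.resource["id"], "decision": decision,
                                 "reason": reason})
        if decision != "permit":
            raise PermissionError(f"{req.action} {req.resource['id']}: {reason}")
        return True

# Constructed sample data for a stand-alone run.
ALICE = {"id": "alice", "department": "finance", "clearance": 2}
BOB = {"id": "bob", "department": "hr", "clearance": 3}
LEDGER = {"id": "ledger", "department": "finance", "sensitivity": 2, "owner": "alice"}
```

Denied requests are recorded in the audit trail just like permitted ones, since the audit of access events covers every decision, not only the successful ones.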
Related terms
- Role Assignment (RA): Specific instance of assigning a role to an identity — captures who, when, why, with what expiration. Direct (manually r …
- Access Management (AM): Discipline of granting and enforcing access to resources after identity has been established. Encompasses authentication …
- Audit Trail: Chronological record of identity events — authentication, authorization decisions, provisioning actions, configuration c …
- Privileged Account (PA): Account with elevated rights to administer systems, modify configurations, access sensitive data, or bypass standard con …
- Attribute-Based Access Control (ABAC): Authorization model evaluating attributes of subject (role, department, clearance), object (sensitivity, owner), action …
- Audit: Independent examination of identity controls, processes, and records to verify compliance with policy and regulatory req …