ABSTRACT

The “Access Control” clause is the second-largest clause, containing 25 controls and 7 control objectives. This clause contains critical controls because authorized access to information processing facilities, logical or physical, is proven to be a key element in the security of these systems and applications. Organizations should place special emphasis on developing policy for many of these critical controls to set the expectations and requirements for all users, internal and external.