Privileged Access
Manage and monitor privileged account access.
9 of 9 frameworks cover this control
Framework Mappings
How Privileged Access maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | PR.AA-05 |
| ISO 27001 | Covered | A.8.2 A.8.18 |
| CIS v8 | Covered | CIS 5.4 CIS 6.5 |
| SOC 2 | Covered | CC6.1 CC6.2 CC6.3 |
| PCI DSS | Covered | 7.2.1 7.2.2 8.6.1 |
| CMMC | Covered | AC.L2-3.1.5 AC.L2-3.1.6 AC.L2-3.1.7 |
| 800-53 | Covered | AC-2 AC-6 |
| HIPAA | Covered | §164.312(a)(1) §164.308(a)(3)(ii)(B) |
| GDPR | Covered | Art.32(1)(b) Art.29 |
About Privileged Access
Privileged Access is a cybersecurity control in the Protect domain. Manage and monitor privileged account access. Privileged access management (PAM) focuses on securing, controlling, and monitoring accounts with elevated permissions such as domain administrators, database administrators, and root accounts. Implementation typically involves deploying a PAM solution that provides password vaulting, session recording, just-in-time access provisioning, and automatic credential rotation. Since compromised privileged accounts are involved in the majority of data breaches, organizations should enforce the principle of least privilege, require MFA for all privileged access, and conduct regular reviews to ensure elevated permissions are still justified.
This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all ${FW_KEYS.length} frameworks.