A.5.15 — Access control

This control implements and maintains access control mechanisms to restrict access to authorized individuals. Measures include role-based access, multi-factor authentication, and periodic reviews.
| Property | Value |
|---|---|
| Section | process |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
| SID-AUTH-02 | JWT Bearer Token Session Management |
| SID-ACCESS-01 | Multi-Tenant Isolation |
| SID-ACCESS-02 | Rate Limiting and Brute-Force Protection |

Source: ISO/IEC 27001:2022 Annex A