Credentials (such as passwords, smartcards, certificates, and keys) are issued for personnel and other entities that require access to assets, at least in an ad hoc manner
Context and Guidance: Prior to giving personnel and other entities access to organisational assets, the organisation should issue credentials to prove that the individual requesting access has the necessary privileges to access the assets. Entities may include individuals (internal or external to the organisation) as well as devices, systems, or processes that require access to assets. The privileges associated with those credentials should be in line with the operational requirements.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-1b, ACCESS-1d, ACCESS-1g, ACCESS-1h, ACCESS-1i.