R5 - System Access Controls

CIP-007 R5 requires entities to implement and maintain logical access controls for all cyber assets, ensuring that only authorized personnel can access systems and that access rights are reviewed regularly. It mandates documented procedures for account creation, authentication, privilege management and timely removal of access when it is no longer needed.