AC - Access Control

The AC family contains controls that define how organizations limit system access to authorized users, processes, and devices, specifying requirements for identification, authentication, authorization, session management, and account management. It also mandates regular review and adjustment of access rights to ensure they align with current roles and responsibilities.