What this control requires
The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives. Controls include identification and authentication, authorization, and restricting access to authorized users.