British Standards contain the combined knowledge of experienced UK subject experts, often working together with their international colleagues in an open, consensus-based process.
Below are descriptions of these standards and of some other relevant publications that are available from BSI or other organizations:
| Standard number/name | Description/Benefits | Published by |
| --- | --- | --- |
| BS ISO/IEC 27002 Code of practice for information security controls | BS ISO/IEC 27002 devotes a whole clause to access control, so this is a good place to start. | BSI |
| BS ISO/IEC 27032 Guidelines for cyber security | BS ISO/IEC 27032 has some useful additional guidance, particularly on server protection. | BSI |
| The Critical Security Controls | You will also find useful information on access control within the Critical Controls for Cyber Defense issued by the SANS Institute. | SANS Institute |
| SP 800-53r4 Security and Privacy Controls for Federal Information Systems and Organizations | The US National Institute of Standards and Technology (NIST) Special Publication SP 800-53r4 contains suggested access controls. | US National Institute of Standards and Technology |
| IR 7621, Small Business Information Security: The Fundamentals | The NIST Interagency Report IR 7621, although now somewhat dated, has several sections that address access control. | US National Institute of Standards and Technology |