Authorized Access Control
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). This can be achieved by creating a list of all authorized personal who can use certain systems and devices.
Example:
Your company maintains a list of all personnel authorized to use company information systems [a]. This list is used to support identification and authentication activities conducted by IT when authorizing access to systems [a,d].
References:
-NIST SP 800-171r2 Page 22
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf
-NIST SP 800-82r3 2.3.6. Physical Access Control Systems
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf
-NIST SP 800-82r3 6.2.1 Identity Management and Access Control (PR.AC)
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf