This section describes the importance of restricting access to sensitive data and other assets. It suggests several measures for controlling access, such as configuration, controlling user access to specific data, and allowing access controls. Additionally, it recommends implementing access management procedures to protect sensitive data with high organizational value. These techniques should include rules for permitting access, authentication, encryption, and monitoring of information access. Finally, the section emphasizes the need for creating operational, reviewing, and reporting instructions for access management systems. See control 5.3, also.