Changes

|9.1.2||Identity and Access Management||The ability to recognize the identification of a person or system and ensure that only screened resources (people, external systems …) get access to the organization’s resources and assets. Access levels may also apply.

|9.1.2||Identity and Access Management||The ability to recognize the identification of a person or system and ensure that only screened resources (people, external systems …) get access to the organization’s resources and assets. Access levels may also apply.

|-

|-

|<span style="color: red">'''9.1.2.1'''</span>||Credential Management * NEW* ||The ability manage (issue, update and revoke/deactivate) digital credentials and the associated token/authenticator.

|<span style="color: red">'''9.1.2.1'''</span>||Credential Management |<span style="color: red">'''*NEW*'''</span>||The ability manage (issue, update and revoke/deactivate) digital credentials and the associated token/authenticator.

|-

|-

|9.1.3|| Security Monitoring and Management||The ability to monitor the security of buildings, assets, networks, information and people.  This includes operational monitoring as well as planning for the approach to monitoring and assessing actual results.  It also includes reporting on threats and vulnerabilities, identifying exploitable weaknesses, detecting intrusions, recovering from attacks and preventing future attacks.

|9.1.3|| Security Monitoring and Management||The ability to monitor the security of buildings, assets, networks, information and people.  This includes operational monitoring as well as planning for the approach to monitoring and assessing actual results.  It also includes reporting on threats and vulnerabilities, identifying exploitable weaknesses, detecting intrusions, recovering from attacks and preventing future attacks.