Which DSAC certification domain is about managing permissions and access to resources?

Controlling who can access which resources and under what conditions is the core goal of access control. It involves authenticating users, then authorizing what actions they may perform and which resources they can reach, with the aim of enforcing the principle of least privilege. Implementations like access control lists, role-based access control, and attribute-based access control are used to codify and enforce these permissions, ensuring that people can do only what they need to do for their roles and nothing more. In practice, this means granting appropriate access to data and systems while keeping thorough records of who accessed what and when. Other domains focus on different areas: risk management centers on identifying and mitigating threats, cryptography on protecting data through encryption and keys, and software assurance on building secure and reliable software throughout its lifecycle.