# Standards and References - Just-In-Time Access Provisioning

## NIST Standards
- **NIST SP 800-207**: Zero Trust Architecture - Section 3 (Logical Components)
- **NIST SP 800-53 Rev 5**:
  - AC-2(2): Automated Temporary and Emergency Account Management
  - AC-2(3): Disable Accounts
  - AC-6: Least Privilege
  - AC-6(5): Privileged Accounts
- **NIST SP 1800-35**: Implementing a Zero Trust Architecture

## Zero Trust Frameworks
- **CISA Zero Trust Maturity Model**: Identity pillar - dynamic access provisioning
- **DoD Zero Trust Reference Architecture**: JIT/JEA requirements
- **Forrester ZTX**: Extended Zero Trust with JIT access

## Tools and Platforms
- **Microsoft Entra PIM**: Privileged Identity Management with JIT elevation
- **CyberArk JIT**: Privileged access on-demand
- **SailPoint**: Identity governance with access request workflows
- **HashiCorp Boundary**: Just-in-time access to infrastructure
- **StrongDM**: Dynamic access management

## Compliance
- **SOX**: Least privilege for financial system access
- **PCI DSS 4.0**: Requirement 7.2 - Access based on need to know
- **HIPAA**: Minimum necessary standard for PHI access