High-level requirements that specify how access is managed and who may access information under what circumstances.
Sources:
NIST SP 800-192
The set of rules that define the conditions under which an access may take place.
Sources:
NISTIR 7316