Using standards to control access to your IT

British Standards contain the combined knowledge of experienced UK subject experts often working together with their international colleagues in an open, consensus-based process.

You can read a description of these standards and some other relevant publications that are available from BSI or other organizations below:

Standard number/name Description/Benefits Published by
BS ISO/IEC 27002 Code of practice for information security controls BS ISO/IEC 27002 devotes a whole clause to access control, so this is a good place to start. BSI
BS ISO/IEC 27032 Guidelines for cyber security BS ISO/IEC 27032 has some useful additional guidance, particularly on server protection. BSI
The Critical Security Controls You will also find useful information on access control within the Critical Controls for Cyber Defense issued by the SANS Institute SANS Institute
SP 800-53r4 Security and Privacy Controls for Federal Information Systems and Organizations The US National Institute of Standards and Technology (NIST)  Special Publication SP 800-53r4 contains suggested access controls. US National Institute of Standards and Technology
IR 7621, Small Business Information Security: The Fundamentals The NIST Interagency Report IR 7621, although now somewhat dated, has several sections that address access control. US National Institute of Standards and Technology