Controlling who has access to a computer or online service and the information it stores.

NIST: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

Adapted from: CNSSI 4009

(Also see Access Control Mechanism)