An Access Control List (ACL) is a structured set of rules that defines permissions for users, groups or systems on specific resources such as files, network segments or applications. Each entry in an ACL specifies a subject (who), an object (what resource) and the permitted actions (read, write, execute, delete).
ACLs are fundamental to enforcing the principle of least privilege in IT environments. They are used extensively in firewalls, operating systems and cloud platforms, and form an important part of the technical evidence that auditors review during ISO 27001 or SOC 2 assessments.
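An added example, not part of the original page: a minimal Python model of ACL entries as subject, resource and permitted actions, with a default-deny check and a least-privilege review that flags broad subjects holding modifying actions. The `user:`/`group:` naming, path-prefix matching, the `group:everyone` subject and the sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ACTIONS = {"read", "write", "execute", "delete"}

@dataclass(frozen=True)
class Entry:
    subject: str        # who: "user:alice" or "group:finance" (naming is an assumption)
    resource: str       # what: a path prefix such as "/srv/finance/"
    actions: frozenset  # permitted actions, a subset of ACTIONS

# Constructed sample ACL, not taken from any real system.
ACL = [
    Entry("user:alice", "/srv/finance/", frozenset({"read", "write"})),
    Entry("group:auditors", "/srv/finance/", frozenset({"read"})),
    Entry("group:everyone", "/srv/public/", frozenset({"read"})),
    Entry("group:everyone", "/srv/finance/reports/", frozenset({"read", "delete"})),
]

def is_allowed(acl, user, groups, resource, action):
    """Default deny: grant only if an entry names the user or one of the
    user's groups, covers the resource, and lists the action.
    Assumes resource paths are already normalized (no '..' segments)."""
    if action not in ACTIONS:
        return False
    subjects = {f"user:{user}"} | {f"group:{g}" for g in groups}
    return any(
        e.subject in subjects
        and resource.startswith(e.resource)
        and action in e.actions
        for e in acl
    )

def overbroad_entries(acl, broad_subjects=("group:everyone",),
                      risky=frozenset({"write", "delete"})):
    """Least-privilege review: entries that give a broad subject a modifying action."""
    return [e for e in acl if e.subject in broad_subjects and e.actions & risky]

if __name__ == "__main__":
    print(is_allowed(ACL, "alice", ["everyone"], "/srv/finance/q3.xlsx", "write"))
    print(is_allowed(ACL, "bob", ["auditors"], "/srv/finance/q3.xlsx", "write"))
    for e in overbroad_entries(ACL):
        print("review:", e.subject, e.resource, sorted(e.actions))
```

The review function is the kind of check that produces audit evidence: it lists the entries a reviewer would need to justify or tighten.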