In today’s technical reality, we are surrounded by a large number of devices with a never-ending growing network. This network is constantly retrieving and sending data, and an unlimited exchange of information is consistently occurring. In other words, this concept is known as the Internet of Things. However beneficial the Internet of Things can be for our world; the security and privacy issues must be addressed. Within this research, the security and privacy issues will be addressed through the access control area. The Internet of Things is a highly demanding and dynamic environment, making access control models complicated and somewhat difficult to design. This research was done to obtain what is required of an access control model for the Internet of Things, to ensure privacy and security. Furthermore, the research focused on how developers are applying the security requirements when designing IoT access control models. The research found that requirements included technical constraints of the IoT environment as well as following the requirements of the CIA(Confidentiality, integrity & availability) triad. In addition, the research found that developers apply different methods to achieve the requirements of the CIA triad.