>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IAM-01Logical Access Provisioning

>Control Description

Logical access provisioning to information systems requires approval from appropriate personnel.

Theme

Process

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Design and document a process for Logical Access and requirements for access provisioning. 2. Ensure access approval logic is mandated in the access management portal accordingly. 3. Ensure that the access management portal is updated with the relevant approvers.

>Testing Procedure

1. Inspect Organization Logical Access Policy and/or Standard to determine that the requirements for access provisioning were defined. 2. Inspect evidence of the workflow from access management portal showing access requires approval and is provisioned upon approval. 3. Inspect the system generated list of identity and access groups which are in-scope and associated workgroups with approvers from access management portal. 4. Inspect access provisioning system logs for a selection of users who were granted access to production systems.

>Audit Artifacts

E-IAM-01
E-IAM-02
E-IAM-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
1

PR.AC-1

CIS Controls
3

5.6
6.1
6.7

ISO 27002:2022
2

5.9
5.15

FedRAMP Rev 5
8

AC-01
AC-02
AC-03
CP-09
IA-04
IA-05
+2 more

PCI DSS
2

7.2
A3.4

HIPAA Security Rule
8

164.308(a)(3)(i)
164.308(a)(3)(ii)(A)
164.308(a)(3)(ii)(B)
164.308(a)(4)(i)
164.308(a)(4)(ii)(B)
164.308(a)(4)(ii)(C)
+2 more

SOC 2
2

CC6.2
CC6.3

Cyber Essentials
1

SC

BSI C5
6

DEV-07
IDM-01
IDM-02
IDM-06
OIS-04
OPS-16

TX-RAMP
7

AC-1
AC-2
AC-3
CP-9
IA-4
IA-5
+1 more

Ask AI

Configure your API key to use AI features.