>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IAM-25Logical Access Role Permission Authorization

>Control Description

Initial permission definitions, and changes to permissions, associated with logical access roles are approved by authorized personnel.

Theme

Process

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Ensure that access to systems is granted after appropriate approvals. 2. Ensure that production access is controlled via authentication methods.

>Testing Procedure

1. Observe and validate for a sample user, that the access to the systems was approved by the appropriate party based on the business need. 2. Validate for a sample of services, that production access is controlled via appropriate authentication methods and is configured to use appropriate logical access lists.

>Audit Artifacts

E-IAM-12
E-IAM-34
E-IAM-35

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

CIS Controls
2

6.1
6.8

ISO 27002:2022
1

8.3

FedRAMP Rev 5
5

AC-02
AC-05
AC-06
AC-06 (01)
AC-06 (02)

PCI DSS
1

7.2.1

TX-RAMP
5

AC-2
AC-5
AC-6
AC-6(1)
AC-6(2)

Ask AI

Configure your API key to use AI features.