
3.2.7 Identity and Access Management

Control Description

FRFIs should implement risk-based identity and access controls, including Multi-Factor Authentication (MFA) and privileged access management. Where feasible, FRFIs should consider:

- Enforcing the principles of least privilege, conducting regular attestation of access and maintaining strong complex passwords to authenticate employee, customer and third-party access to technology assets;
- Implementing MFA across external-facing channels and privileged accounts (e.g., customers, employees, and third parties);
- Managing privileged account credentials using a secure vault;
- Logging and monitoring account activity as part of continuous security monitoring;
- Ensuring system and service accounts are securely authenticated, managed and monitored to detect unauthorized usage; and
- Performing appropriate background checks (where feasible) on persons granted access to the FRFI's systems or data, commensurate with the criticality and classification of the technology assets.

Cross-Framework Mappings
