>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

03.01.01.g.03Account Management g.03

>Control Description

organization-defined time period when system usage or the need-to-know changes for an individual.

>Cross-Framework Mappings

SCF

IAC-07
Compare
IAC-07.1
Compare
IAC-15
Compare
IAC-17
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What are the organization-defined values/selections for the assignment/selection parameters in this control?
  • How were these organization-defined values determined based on risk assessment and operational needs?
  • Who approved the organization-defined values, and when were they last reviewed?
  • What governance oversight ensures this control requirement is consistently applied?
  • How do you track and monitor compliance with this control requirement?

Technical Implementation:

  • What technical mechanisms implement the requirement described in this control?
  • How do you technically enforce compliance with this control across all relevant systems?
  • What automated controls or tools support implementation of this requirement?
  • How do you prevent circumvention or bypass of the technical controls for this requirement?
  • What monitoring or alerting validates that technical controls are functioning as intended?

Evidence & Documentation:

  • Provide documented policies, procedures, or standards addressing this control requirement
  • Show technical configurations or settings that implement this control
  • Demonstrate that the control is actively enforced across CUI systems
  • Provide audit logs, reports, or other evidence showing this control in operation
  • Show evidence of periodic testing, validation, or review of this control's effectiveness

Ask AI

Configure your API key to use AI features.