Manage, store, and review the information of system identities, and level of access.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Employ the separation of duties principle when implementing information system access.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Employ the least privilege principle when implementing information system access.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk (as defined by the organizational risk assessment) privileged access roles.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Passcode