Filter

Identity and Access Management (IAM)

Level N/A

Manage, store, and review the information of system identities, and level of access.


Login

Identity and Access Management (IAM)

Employ the separation of duties principle when implementing information system access.


Login

Identity and Access Management (IAM)

Level N/A

Employ the least privilege principle when implementing information system access.


Login

Identity and Access Management (IAM)

Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets.


Login

Identity and Access Management (IAM)

De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies.


Login

Identity and Access Management (IAM)

Level N/A

Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance.


Login

Identity and Access Management (IAM)

Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated.


Login

Identity and Access Management (IAM)

Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access.


Login

Identity and Access Management (IAM)

Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk (as defined by the organizational risk assessment) privileged access roles.


Login

Identity and Access Management (IAM)

Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures.


Login