Eleos | Home

Identity and Access Management (IAM)

Strong Password Policy and Procedures

Level N/A

Establish, document, approve, communicate, implement, apply, evaluate and maintain strong password policies and procedures. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-02

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.2

AC-2

AC-2(3)

AC-2(11)

AC-3

AC-3(3)

AC-12(1)

IA-2

IA-2(10)

IA-5

IA-5(1)

IA-5(18)

ID.GV-1

PR.AC-1

PR.AC-7

GOV-02

GOV-03

IAC-01

IAC-10

IAC-10.1

IAC-10.11

WEB-06

Solutions
Community

Identity and Access Management (IAM)

Identity Inventory

Level N/A

Manage, store, and review the information of system identities, and level of access.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-03

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.1

5.2

AU-10

AU-10(1)

AU-10(2)

AU-16

AU-16(1)

IA-4

IA-4(8)

IA-4(9)

IA-5

IA-5(5)

IA-8

IA-8(4)

PM-5(1)

SA-8

SA-8(22)

PR.AC-1

PR.AC-6

PR.AC-4

IAC-08

IAC-09

IAC-09.1

IAC-09.2

IAC-09.4

IAC-09.5

IAC-15

IAC-16

IAC-16.1

IAC-17

Solutions
Community

Identity and Access Management (IAM)

Separation of Duties

Level N/A

Employ the separation of duties principle when implementing information system access.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-04

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

6.8

AC-2

AC-2(3)

AC-2(11)

AC-6

AC-6(1)

AC-6(2)

AC-6(3)

AC-6(4)

AC-6(5)

AC-6(6)

AC-6(7)

AC-6(8)

AC-6(9)

AC-6(10)

PR.AC-4

HRS-11

Solutions
Community

Identity and Access Management (IAM)

Least Privilege

Level N/A

Employ the least privilege principle when implementing information system access.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-05

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

CIS v8.0

Control Number

6.8

AC-6

AC-6(4)

IA-12

IA-12(2)

IA-12(3)

PR.AC-4

IAC-20

IAC-21

3.3

Solutions
Community

Identity and Access Management (IAM)

User Access Provisioning

Level N/A

Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-06

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

6.1

AC-3

AC-16

AC-16(2)

AC-16(4)

AC-16(10)

IA-12

IA-12(1)

PR.AC-1

PR.PT-1

PR.AC-4

IAC-07

Solutions
Community

Identity and Access Management (IAM)

User Access Changes and Revocation

Level N/A

De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-07

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

CIS v8.0

Control Number

5.3

6.2

AC-2

AC-2(1)

AC-2(2)

AC-2(6)

AC-2(8)

AC-3

AC-3(8)

AC-6

AC-6(7)

AU-10

AU-10(4)

AU-16

AU-16(1)

CM-7

CM-7(1)

PR.AC-1

PR.AC-4

PR.IP-11

HRS-08

HRS-09.2

IAC-07

IAC-07.1

IAC-07.2

IAC-15.6

6.1

Solutions
Community

Identity and Access Management (IAM)

User Access Review

Level N/A

Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-08

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.1

AC-6

AC-6(4)

AC-6(8)

IA-8

IA-8(4)

PR.AC-4

IAC-17

Solutions
Community

Identity and Access Management (IAM)

Segregation of Privileged Access Roles

Level N/A

Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-09

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.4

8.2

AC-6

AC-3(7)

AC-6(4)

AC-6(8)

IA-5

IA-5(6)

IA-8

IA-8(4)

PR.AC-1

PR.AC-4

CFG-05.2

MON-01.15

MON-03.3

IAC-08

IAC-09.5

IAC-16

IAC-17

IAC-21.1

IAC-21.3

IAC-21.4

IAC-21.5

SAT-03.5

VPM-06.3

Solutions
Community

Identity and Access Management (IAM)

Management of Privileged Access Roles

Level N/A

Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-10

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.1

6.5

8.2

AC-2

AC-2(7)

AC-3

AC-3(4)

AC-3(11)

AC-3(13)

AC-3(14)

AC-6

AC-6(4)

AC-6(5)

AC-6(8)

AC-12(3)

AC-17

AC-17(4)

IA-8

IA-8(4)

PR.AC-4

MON-01.15

MON-03.3

IAC-08

IAC-09.5

IAC-16

IAC-16.1

IAC-17

Solutions
Community

Identity and Access Management (IAM)

CSCs Approval for Agreed Privileged Access Roles

Level N/A

Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk (as defined by the organizational risk assessment) privileged access roles.

Parent

Compliance Framework

CCM v4.0.10

Control Number

IAM-11

Related

Compliance Framework

NIST 800-53 Rev 5