// Level 3 · Controls

Identity & Access Management

IAM domain controls.

IAM-01 · High

Identity and Access Management Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for identity and access management.

IAM-02 · Medium

Strong Password Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain strong password policies and procedures.

IAM-03 · Medium

Identity Inventory

Manage, store, and review the information of system identities, and level of access.

IAM-04 · Medium

Separation of Duties

Employ the separation of duties principle when implementing information system access.

IAM-05 · High

Least Privilege

Employ the least privilege principle when implementing information system access.

IAM-06 · High

User Access Provisioning

Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets.

IAM-07 · High

User Access Changes and Revocation

De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies.

IAM-08 · High

User Access Review

Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance.

IAM-09 · High

Segregation of Privileged Access Roles

Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated.

IAM-10 · High

Management of Privileged Access Roles

Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access.

IAM-11 · High

CSCs Approval for Agreed Privileged Access Roles

Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk privileged access roles.

IAM-12 · Medium

Safeguard Logs Integrity

Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures.

IAM-13 · Medium

Uniquely Identifiable Users

Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs.

IAM-14 · High

Strong Authentication

Define, implement and evaluate processes, procedures and technical measures for authenticating access to systems, application and data assets, including multifactor authentication for at least privileged user and sensitive data access.

IAM-15 · Medium

Passwords Management

Define, implement and evaluate processes, procedures and technical measures for the secure management of passwords.

IAM-16 · High

Authorization Mechanisms

Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized.