Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets.
The organizations should address any changes to the identity and access controls using the pre-established baseline. These changes could be from the proactive management of exploits via vulnerability scanning or reactive management of issues via incident management.
- Determine if personnel required to approve system access requests are identified and documented.
- Evaluate if access requests are documented and approved by required personnel prior to access provisioning.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.