IAM-06: User Access Provisioning

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:

Previous Version:

Control Statement

Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets.

Implementation Guidance

The organizations should address any changes to the identity and access controls using the pre-established baseline. These changes could be from the proactive management of exploits via vulnerability scanning or reactive management of issues via incident management.

Auditing Guidance

  1. Determine if personnel required to approve system access requests are identified and documented.
  2. Evaluate if access requests are documented and approved by required personnel prior to access provisioning.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.