IAM-16: Authorization Mechanisms

Control Statement

Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized.

Implementation Guidance

The information system should require approvals for authorizations to access the system resources and follow communicated and approved applicable policies. The organization should adopt multiple authorization concepts (i.e., user manager, system/information owner).

Auditing Guidance

  1. Determine if processes, procedures and technical measures, for verification of access authorization to data and system functions, are defined.
  2. Determine if processes, procedures and technical measures, for verification of access authorization to data and system functions, are implemented and consistently followed in practice.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.