IAM-10: User Access Reviews

CSF v1.1 References:

Threats Addressed:

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: IAM-03: Identity Inventory, IAM-08: User Access Review.

Control Statement

User access shall be authorized and revalidated for entitlement appropriateness, at planned intervals, by the organization’s business leadership or other accountable business role or function supported by evidence to demonstrate the organization is adhering to the rule of least privilege based on job function. For identified access violations, remediation must follow established user access policies and procedures.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.