6.8: Define and Maintain Role-Based Access Control

CSF v1.1 References:

CSF v2.0 References:

PF v1.0 References:

Group:

Info icon.

Control is new to this version of the control set.

Control Statement

Define and maintain role-based access control, through determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties. Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule at a minimum annually, or more frequently.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]