IAM — Identity and Access Management
39 controls in the Identity and Access Management domain
IAM-01Logical Access Provisioning
IAM-02Change of Access Notification
IAM-03Logical Access De-provisioning
IAM-04Logical Access De-provisioning: Notification
IAM-05Logical Access Review
IAM-06Role Change: Access De-provisioning
IAM-07Shared Logical Accounts
IAM-08Shared Logical Accounts: Group Member
IAM-09Shared Account Restrictions
IAM-10Role Change: People Resources Notification
IAM-11Temporary Account Termination
IAM-12Unique Identifiers
IAM-13Password Authentication
IAM-14Multifactor Authentication
IAM-15Authentication Credential Maintenance
IAM-16Session Timeout
IAM-17Session Limit
IAM-18Account Lockout: Cardholder Data Environments
IAM-19Account Lockout
IAM-20Login Banner
IAM-21Credentials Validation
IAM-22Password Authentication Standard: Federal Systems
IAM-23Privileged Session Management
IAM-24Zero Trust Enterprise Network
IAM-25Logical Access Role Permission Authorization
IAM-26Source Code Security
IAM-27Service Account Restrictions
IAM-28PCI Account Restrictions
IAM-29Least Privilege
IAM-30Virtual Private Network
IAM-31Virtual Private Network: Restrict Split-Tunneling
IAM-32Ability to Disable Remote Sessions
IAM-33Remote Maintenance: Authentication Sessions
IAM-34Remote Maintenance: Unique Authentication Credentials for each Customer
IAM-35Remote Maintenance: Authentication
IAM-36Remote Maintenance: Audit
IAM-37End-user Environment Segmentation
IAM-38End-user Access to Applications and Data
IAM-39Hardware Tokens