IAM-29 Least Privilege

>Control Description

Role-based access is defined and deployed to restrict privileged access to information resources based on the concept of least privilege.

Theme

Process

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Design and document the process for assigning least privilege access.
2. Ensure access is granted as per required approvals.

>Testing Procedure

1. Inspect logical access policy and validate that each role is assigned the correct level of access.
2. Inspect the logical access systems and review how the access levels are granted for types of roles (Developers, SWE, SRE).
3. For a sample of employees, inspect the level of access available and correlate to the job role and confirm that they are congruent.

>Audit Artifacts

E-IAM-01
E-IAM-41

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
