
IAM-05 Logical Access Review

Control Description

Organization performs account and access reviews on a quarterly basis; corrective action is taken where applicable.

Theme

Process

Type

Detective

Policy/Standard

Access Management Procedure

Implementation Guidance

1. Design and document a process for Logical Access and requirements for access reviews.
2. Ensure access reviews are performed as per defined frequency.
3. Ensure that the necessary corrective action has been taken, if required.

Testing Procedure

1. Inspect Organization's Logical Access Account Standard to determine whether the requirements for access reviews were defined.
2. Inspect the access reviews reconciliation report on a quarterly basis.
3. For a sample of services, inspect the access review for the selected quarters.
4. In case of any discrepancy, ensure that corrective action has been taken and appropriate approval is obtained from the authorized personnel.

Audit Artifacts

E-IAM-01
E-IAM-08
E-IAM-09

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
