zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-03 08:22:18 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/ac-6.7.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

1.7 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

ac-6.7 - [catalog] Review of User Privileges

Control Statement

  • [a] Review frequency the privileges assigned to roles and classes to validate the need for such privileges; and

  • [b] Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.

Control guidance

The need for certain assigned user privileges may change over time to reflect changes in organizational mission and business functions, environments of operation, technologies, or threats. A periodic review of assigned user privileges is necessary to determine if the rationale for assigning such privileges remains valid. If the need cannot be revalidated, organizations take appropriate corrective actions.

Control assessment-objective

privileges assigned to roles and classes are reviewed frequency to validate the need for such privileges; privileges are reassigned or removed, if necessary, to correctly reflect organizational mission and business needs.

What is the solution and how is it implemented?

Implementation (a)

Add control implementation description here for item ac-6.7_smt.a

Implementation (b)

Add control implementation description here for item ac-6.7_smt.b