IAC-08
Role-Based Access Control (RBAC)
Description
Mechanisms exist to enforce Role-Based Access Control (RBAC) for Technology Assets, Applications, Services and/or Data (TAASD) to restrict access to individuals assigned specific roles with legitimate business needs.
Control Question
Does the organization enforce Role-Based Access Control (RBAC) for Technology Assets, Applications, Services and/or Data (TAASD) to restrict access to individuals assigned specific roles with legitimate business needs?
Control Metadata
Domain: Identification & Authentication
Validation Cadence: Annual
Evidence Request List: E-HRS-12, E-IAM-02
Framework Mappings
This control maps to the following compliance frameworks:
MAS TRM: 9.1.7, 11.1.6
HKIA GL20: 3.1, 3.2, 3.3, 3.4
