IAC-16
Privileged Account Management (PAM)
Description
Mechanisms exist to restrict and control privileged access rights for users and Technology Assets, Applications and/or Services (TAAS).
Control Question
Does the organization restrict and control privileged access rights for users and Technology Assets, Applications and/or Services (TAAS)?
Control Metadata
Domain:
Identification & Authentication
Validation Cadence:
Quarterly
Evidence Request List:
E-IAM-03
Framework Mappings
This control maps to the following compliance frameworks
MAS TRM
9.2.1
HKIA GL20
3.13.23.33.4