IAC-21
Least Privilege
Description
Mechanisms exist to utilize the concept of least privilege, allowing only authorized access to processes necessary to accomplish assigned tasks in accordance with organizational business functions.
Control Question
Does the organization utilize the concept of least privilege, allowing only authorized access to processes necessary to accomplish assigned tasks in accordance with organizational business functions?
Control Metadata
Domain:
Identification & Authentication
Validation Cadence:
Annual
Evidence Request List:
E-IAM-02 E-IAM-05 E-IAM-06
Framework Mappings
This control maps to the following compliance frameworks:
MAS TRM
9.1.1
HKIA GL20
3.1 3.2 3.3 3.4
