CISOBot - Your AI CISO Assistant

IAC-26

Permitted Actions Without Identification or Authorization

Weight: 8/10

Description

Mechanisms exist to identify and document the supporting rationale for specific user actions that can be performed on a system without identification or authentication.

Control Question

Does the organization identify and document the supporting rationale for specific user actions that can be performed on a system without identification or authentication?

Control Metadata

Domain: Identification & Authentication

Validation Cadence: Annual
