CCI-002137
CCI-002137 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if access is revoked when privileged role or attribute assignments are no longer appropriate.
Validation Procedures
Examine: [SELECT FROM: Access control policy; procedures addressing account management; system design documentation; system configuration settings and associated documentation; system-generated list of privileged user accounts and associated roles; records of actions taken when privileged role assignments are no longer appropriate; system audit records; audit tracking and monitoring reports; system monitoring records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms implementing account management functions; mechanisms monitoring privileged role assignments].