Navigate

CCI-000344

CCI-000344 Definition

The organization approves logical access restrictions associated with changes to the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to approve logical access restrictions associated with changes to the information system. The organization must maintain an audit trail of approvals.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of approvals to ensure the organization being inspected/assessed approves logical access restrictions associated with changes to the information system.

Compelling Evidence

1.) Signed and dated configuration management policy referencing logical access restrictions section

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000344.

Control	Description
CM-5	The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.