Navigate

CCI-000345

CCI-000345 Definition

The organization enforces logical access restrictions associated with changes to the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to enforce logical access restrictions associated with changes to the information system. The information system must maintain an audit trail of logical access to the information system pertaining to information system changes.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the logical access audit trail to ensure the organization being inspected/assessed enforces logical access restrictions associated with changes to the information system as documented in the configuration management policy.

Compelling Evidence

1.) Signed and dated configuration management policy referencing logical access restrictions section

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000345.

Control	Description
CM-5	The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.