CCI-000916
CCI-000916 Definition
Authorize physical access to the facility where the system resides based on position or role.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed must: 1. Develop and document a list of roles or positions that have access to the facility where the information system resides. 2. Identify and document personnel assigned to those roles. 3. Authorize and document access to the facility to personnel in identified roles
Validation Procedures
The organization conducting the inspection/assessment obtains and examines: 1. The list of roles or positions that have access to the facility where the information system resides. 2. The list of personnel assigned to those roles Recommended: 3. Access logs to verify access to the facility was authorized based on the appropriate roles and positions
Compelling Evidence
1.) List of roles, personnel assigned to those roles and access logs