Logical access requests are reviewed and approved by the asset owner
Context and Guidance: Privileges for logical access to an asset are assigned and approved by asset owners, custodians, or authorised delegates based on the role of the person, object, or entity that is requesting access. The asset owner or custodian is responsible for granting logical access privileges based on the identity’s role and the asset’s cybersecurity requirements. Asset owners and custodians must be aware of which particular identities require access to their assets and must validate the requirement with respect to business and cybersecurity requirements before granting approval.
Related Practices • Input From: Implementing ARCHITECTURE-3a provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-2a, ACCESS-2c, ACCESS-2d, ACCESS-2e, ACCESS-2f.