Logical access privileges are reviewed and updated to ensure conformance with access requirements periodically and according to defined triggers, such as changes to organisational structure, and after any temporary elevation of privileges.
Context and Guidance: Constant change in the operational environment creates the potential that at any time the current level of logical access provided to persons, objects, and entities (as reflected in access privileges) may not match the level of need based on current logical access requirements. The organisation should define a schedule for regular review of logical access privileges to ensure that the requirements they have set for their assets are being implemented through proper assignment of logical access privileges and implementation of corresponding logical access controls. Certain temporary events such as projects or incident responses may require granting situation-based privileged logical access. A logical access review should be a necessary step in the closeout process of those events.
Related Practices:
• Input From: Implementing ARCHITECTURE-3a provides input that may be useful for implementing this practice.
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-2b, ACCESS-2g, ACCESS-2h.