Documenting access requirements for systems and their resources, such as applications and data repositories, can assist in determining if personnel meet the appropriate authorisation, security clearance, briefing and need-to-know requirements for access. Types of users for which access requirements should be documented include unprivileged users, privileged users, foreign nationals and contractors.
4 controls