mirror of
https://github.com/strongdm/comply
synced 2024-12-25 23:01:37 +00:00
34 lines
801 B
Markdown
34 lines
801 B
Markdown
|
# Controls
|
||
|
|
||
|
Controls explicitly state a specific action that the organization will take to enforce a Policy goal.
|
||
|
|
||
|
## Format
|
||
|
```
|
||
|
name: Access Control Procedures
|
||
|
family: Access Control
|
||
|
identifier: AC-2
|
||
|
governingPolicy:
|
||
|
- policyName: Access Onboarding and Termination
|
||
|
policyID: SDM-AOTP
|
||
|
policyClause: 1.1
|
||
|
owner: Director, Security & Compliance
|
||
|
published: 2020-01-01
|
||
|
targets:
|
||
|
TSC 2017:
|
||
|
- CC6.1
|
||
|
- CC6.2
|
||
|
- CC6.3
|
||
|
NIST 800-53:
|
||
|
- AC-1
|
||
|
revisions:
|
||
|
- date: Sep 1 2020
|
||
|
comment: Initial documentation of control
|
||
|
---
|
||
|
1. Develop, document, and disseminate to all employees:
|
||
|
|
||
|
1. Organizational access control policy that:
|
||
|
|
||
|
1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
|
||
|
|
||
|
```
|