mirror of https://github.com/strongdm/comply synced 2024-11-16 21:04:54 +00:00

History

Craine Runton e289d6d8f4 Add a model for a Control, which ou can use to document control statements, owners, governing policies, etc.		2020-09-17 10:38:11 -05:00
..
README.md	Add a model for a Control, which ou can use to document control statements, owners, governing policies, etc.	2020-09-17 10:38:11 -05:00

README.md

Controls

Controls explicitly state a specific action that the organization will take to enforce a Policy goal.

Format

name: Access Control Procedures
family: Access Control
identifier: AC-2
governingPolicy:
  - policyName: Access Onboarding and Termination
    policyID: SDM-AOTP
    policyClause: 1.1
owner: Director, Security & Compliance
published: 2020-01-01
targets:
  TSC 2017:
    - CC6.1
    - CC6.2
    - CC6.3
  NIST 800-53:
    - AC-1
revisions:
  - date: Sep 1 2020
    comment: Initial documentation of control
---
1. Develop, document, and disseminate to all employees:

    1. Organizational access control policy that:

        1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and