Check SCREEN READER MODE to make this survey compatible with screen readers. Cybersecurity Risks: Access Control Management What Access Control Management Means:The processes and tools used to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software. Does your organization… OK Question Title * 1 . Establish and follow a process, preferably automated, for granting access to enterprise assets upon new hire, rights grant, or role change of a user. Meet Requirements Meet Some Requirements Not Sure OK Question Title * 2 . Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails. Meet Requirements Meet Some Requirements Not Sure OK Question Title * 3 . Require all externally exposed enterprise or third-party applications to enforce MFA, where supported. Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard. Meet Requirements Meet Some Requirements Not Sure OK Question Title * 4 . Require MFA for remote network access Meet Requirements Meet Some Requirements Not Sure OK Question Title * 5 . Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider. Meet Requirements Meet Some Requirements Not Sure OK Question Title * 6 . Establish and maintain an inventory of the enterprise’s authentication and authorization systems, including those hosted on-site or at a remote service provider. Review and update the inventory, at a minimum, annually, or more frequently. Meet Requirements Meet Some Requirements Not Sure OK Question Title * 7 . Centralize access control for all enterprise assets through a directory service or SSO provider, where supported. Meet Requirements Meet Some Requirements Not Sure OK Question Title * 8 . Define and maintain role-based access control, through determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties. Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule at a minimum annually, or more frequently. Meet Requirements Meet Some Requirements Not Sure OK DONE
