Requests for privileged access to systems, applications and data repositories are validated when first requested.
Topic
Privileged access to systems
Applicable to
all
History
Priority
Must
Dec 2023
Requests for privileged access to systems, applications and data repositories are validated when first requested.
The existing control relating to validating requests for privileged access to data repositories was merged into the existing control relating to validating requests for privileged access to systems and applications. [ISM-1507, ISM-1733]
Sep 2019
Privileged access to systems, applications and data repositories is validated when first requested and revalidated on an annual or more frequent basis.
Security controls 0405, 1503, 1507 and 1508 were modified to replace references to ‘information’ with ‘data repositories’ in order to align with language used by the Essential Eight mitigation strategies.
Aug 2019
Privileged access to systems, applications and information is validated when first requested and revalidated on an annual or more frequent basis.
Nov 2018
Privileged access to systems, applications and information is validated when first requested and revalidated on an annual or more frequent basis.
Added to address a gap in guidance on privileged access to systems and resources.