💼 CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity's objectives.
- ID:
/frameworks/soc-2/cc6/03
Description​
Empty...
Similar​
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CC6.3-1 Creates or Modifies Access to Protected Information Assets | 3 | no data | |||
| 💼 CC6.3-2 Removes Access to Protected Information Assets | 3 | no data | |||
| 💼 CC6.3-3 Uses Access Control Structures | 1 | 4 | no data | ||
| 💼 CC6.3-4 Reviews Access Roles and Rules | no data |