๐ผ CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity's objectives.
-
Contextual name: ๐ผ CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity's objectives.
-
ID:
/frameworks/soc-2/cc6/03 -
Located in: ๐ผ CC6 Logical and Physical Access Controls
Descriptionโ
Empty...
Similarโ
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| ๐ผ CC6.3-1 Creates or Modifies Access to Protected Information Assets | ||||
| ๐ผ CC6.3-2 Removes Access to Protected Information Assets | ||||
| ๐ผ CC6.3-3 Uses Access Control Structures | 1 | 1 | ||
| ๐ผ CC6.3-4 Reviews Access Roles and Rules |