graphgrc

SCF - END-03.2 - Governing Access Restriction for Change

Mechanisms exist to define, document, approve and enforce access restrictions associated with changes to systems.

Mapped framework controls

ISO 27002

• A.8.19

NIST 800-53

• CM-5

Control questions

Does the organization define, document, approve and enforce access restrictions associated with changes to systems?

This site is open source. Improve this page.