Description
The organization completes appropriate signed access agreements for individuals requiring access to organizational information and information systems before authorizing access and reviews/updates the agreements [Assignment: organization-defined frequency].\n
Supplemental Guidance
Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Electronic signatures are acceptable for use in acknowledging access agreements unless specifically prohibited by organizational policy.\n
Enhancements
(0) None.\n
Compliance Mappings
ISO 27002:2022
5.105.146.6
SOC 2 TSC
CC1.5
ISO 17799 (legacy)
6.1.58.1.3
COBIT 4.1 (legacy)
DS5.4