Description
The organization completes appropriate signed access agreements for individuals requiring access to organizational information and information systems before authorizing access and reviews/updates the agreements [Assignment: organization-defined frequency].
Supplemental Guidance
Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Electronic signatures are acceptable for use in acknowledging access agreements unless specifically prohibited by organizational policy.
Enhancements
(0) None.
Compliance Mappings
ISO 27001:2022
A.6.2A.6.6
ISO 27002:2022
6.26.56.6
COBIT 2019
APO07
NIST CSF 2.0
GV.RR-04
SOC 2 TSC
CC1.5
CSA CCM v4
HRS-07HRS-08HRS-10HRS-13
CSA AICM v1
HRS-07HRS-08HRS-10HRS-13
ISO 42001:2023
A.9.2
NIS2 Directive
Art. 21(2)(i)
BSI IT-Grundschutz
ORP.2
ANSSI
Hygiene.7SecNumCloud.8.2
FINMA Circular 2023/1
IV.B.a(48)IV.B.d(59)
OSFI B-13
B-13.1.1
EU GDPR
Art.29Art.32(4)
EU DORA
Art.5(4)
BIO2
6.26.56.6
RBI CSF
Annex1.8
FISC Security Guidelines
FISC.O8
LGPD + BCB 4893
LGPD.Art.47
MLPS 2.0
8.1.8.1
DNB Good Practice
DNB.8.4
SWIFT CSCF
SWIFT.5.3A
SAMA CSF
1.7
NCA ECC
1-9
UAE IA
T5
Qatar NIA
HR
CBE CSF
CD-1GOV-2
SA JS2
JS2-8.6
CBN CSF
Part1.2Part9
BoG CISD
CISD-XV
POPIA
s19
BoM CTRM
1.23.8
IOSCO Cyber Resilience
GOV-4
CPMI-IOSCO PFMI
CG.GOV
FFIEC IS
II.C.7II.C.7(a)II.C.7(d)
NYDFS 500
500.10
HIPAA Security Rule
§164.308(a)(1)(ii)(C)§164.308(a)(3)(i)§164.308(a)(3)(ii)(B)§164.308(a)(4)(ii)(B)
ECB CROE
CROE.2.1.2CROE.2.3.2
SEBI CSCRF
GV.RR
BOT Cyber Resilience
Ch7.2
CMMC 2.0
PS
NERC CIP
CIP-004-7
10 CFR 73.54
RG5.71-C-PS
DOE C2M2 v2.1
WORKFORCE
API 1164
Sec 13
AWIA
AWWA Sec 8
IAEA NSS 17-T
Sec 9
PCI PTS v6
H
PCI HSM
156
Common Criteria
CC Part 2 — FMT
Solvency II
Art.42
NAIC Insurance Data Security
4-personnel4B
PRA SS1/23
P2.4
FCA SYSC 13
SYSC 13.6.1
HITRUST CSF v11
01.a02.a02.b
FDA 21 CFR Part 11
§11.10(j)
ISO 27799
7.17.2
NHS DSPT
NDG-2.3
MiCA
Art.36(1)Art.65(1)Art.73(1)Art.86(1)Art.92(1)
Basel SCO60
SCO60.55SCO60.60SCO60.62
BSSC Standards
GSP-04
SEC Custody (Digital Assets)
SEC-CD-19
ISO 17799 (legacy)
6.1.58.1.3
COBIT 4.1 (legacy)
DS5.4