mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 10:55:17 +03:00
24 lines
1.0 KiB
Markdown
24 lines
1.0 KiB
Markdown
# Standards and References - Access Review and Certification
|
|
|
|
## NIST Standards
|
|
- **NIST SP 800-53 Rev 5**:
|
|
- AC-2: Account Management (periodic review requirement)
|
|
- AC-2(3): Disable accounts after inactivity period
|
|
- AC-5: Separation of Duties
|
|
- AC-6: Least Privilege
|
|
- AC-6(7): Review of User Privileges
|
|
- AU-6: Audit Record Review, Analysis, and Reporting
|
|
- **NIST SP 800-171**: 3.1.1 Authorized Access Control, 3.1.2 Transaction Control
|
|
|
|
## Compliance Requirements
|
|
- **SOX Section 404**: Quarterly access reviews for financial systems
|
|
- **PCI DSS 4.0**: Requirement 7.2.5 - Review all access at least every six months
|
|
- **HIPAA Security Rule**: 45 CFR 164.312(a)(1) - Access control review
|
|
- **ISO 27001**: A.9.2.5 Review of user access rights
|
|
- **GDPR Article 5(1)(f)**: Integrity and confidentiality of processing
|
|
|
|
## Industry Frameworks
|
|
- **CIS Controls v8**: Control 6.2 - Establish an Access Revoking Process
|
|
- **COBIT 2019**: DSS05.04 - Manage user identity and logical access
|
|
- **IGA Market**: SailPoint, Saviynt, One Identity, Omada
|