CC6.2
User registration and authorization
SecurityImplementedSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users.
Auditor test plan
How this is tested during the audit
Auditor samples 25 new hires and contractors and traces their access requests to documented manager approvals.
Evidence
1 item attached to this control
- CSV
new-hire-access-sample-q1.csv
sha256:0000008000000000… · 66.3 KB · 14d ago
Last reviewed
14d
Within 180-day window
Evidence on file
4
Owner
VE
VP Engineering
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by VP Engineering
14d ago
Status set to implemented
44d ago
Initial control design approved
104d ago