CC6.6
Implements logical access security measures against threats
SecurityImplementedSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity implements logical access security measures to protect against threats from sources outside its system boundaries.
Auditor test plan
How this is tested during the audit
Auditor inspects WAF, DDoS, IDS/IPS, and EDR coverage and a 30-day sample of triaged alerts.
Evidence
1 item attached to this control
- JSO
waf-rule-export-2026-04.json
sha256:0000008000000009… · 304.7 KB · 8d ago
Last reviewed
8d
Within 180-day window
Evidence on file
4
Owner
DS
Director, Security
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Security
8d ago
Status set to implemented
38d ago
Initial control design approved
98d ago