This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs automated mechanisms to facilitate the maintenance and review of visitor access records.
NIST 800-53 (r5) Discussion:
Visitor access records may be stored and maintained in a database management system that is accessible by organizational personnel. Automated access to such records facilitates record reviews on a regular basis to determine if access authorizations are current and still required to support organizational mission and business functions.
38North Guidance:
Meets Minimum Requirement:
Implement an automated, electronic system for collecting, storing and reviewing visitor access records.
Use this system to conduct reviews.
Best Practice:
Combine this system with automated alerting to detect suspicious activity.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation describing the use of this automated system.
Interview personnel to validate that they understand how to use the system.
Inspect the automated system.
Review evidence of timely access reviews.
CSP Implementation Tips:
AWS: Fully inherited
Azure: Fully inherited
GCP: Fully inherited