Compliance
Below is an overview of the regulatory requirements for logical access and termination controls.
Logical Access & Termination Controls
Control requirements across SOC 2, ISO 27001, PCI DSS, SOX ITGCs, and NIST SP 800-53 (audit frameworks, standards and regulation)
SOC 2
- CC6.1 – Logical access
- CC6.2 – Provisioning
- CC6.3 – Authorization
- CC6.2 / CC6.3 – Removal of access on termination (CC6.6 covers threats from outside the system boundary, not deprovisioning)
- CC7.2 – System monitoring and logging
ISO 27001
- A.5.16 – Identity management
- A.5.18 – Access rights
- A.6.5 – Responsibilities after termination or change of employment (removal of access rights is also part of A.5.18; A.5.20 covers supplier agreements)
- A.8.2 – Privileged access
- A.8.15 – Logging
PCI DSS
- 7.1–7.3 – Access control (need-to-know, least privilege)
- 8.2.5 – Revoke terminated users' access immediately
- 8.2.6 – Remove or disable inactive accounts within 90 days
- 10.2 – Logging
- 10.3 – Log integrity, protection from modification (numbered 10.5 in v3.2.1; in v4.0, 10.5 is log retention)
SOX ITGC
- User provisioning
- Deprovisioning
- Privileged access management
- Access reviews
- Termination control
NIST 800-53
- AC-2 – Account management
- AC-3 – Access enforcement
- AC-6 – Least privilege
- IA-2 – Authentication
- AU-6 – Audit record review
- PS-4 – Personnel termination (disable access, revoke credentials)
Core Requirements
- Immediate access removal
- HR-triggered workflow
- Audit trail (who, what, when)
- Multi-domain coverage
- Consistent enforcement
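The five core requirements above describe a single workflow: an HR event triggers revocation in every identity domain, and every action leaves a who/what/when record that auditors can trust. The block below is an added illustration of that workflow, not code from this page or from any product; the identity stores, the HR event and the connector behaviour are constructed stand-ins for a directory, a cloud IAM and a SaaS tenant. It goes slightly beyond the list by hash-chaining the audit entries so that later tampering is detectable, which is what the log-integrity controls cited above ask for, and by adding the reconciliation check an access review would run.

```python
"""Added example: HR-triggered deprovisioning across several identity domains
with a tamper-evident audit trail. All stores and events are constructed."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed identity stores standing in for the domains a real workflow
# touches (directory, cloud IAM, SaaS). Each maps username -> enabled flag.
SAMPLE_DOMAINS = {
    "directory": {"alice": True, "bob": True},
    "cloud_iam": {"alice": True, "carol": True},
    "saas_crm": {"alice": True, "bob": True},
}

# Constructed HR feed event, shaped like an HRIS webhook payload (assumed format).
SAMPLE_HR_EVENT = {
    "event": "termination",
    "user": "alice",
    "effective": "2024-05-01T09:00:00Z",
    "actor": "hr-system",
}


def fresh_domains():
    """Return a copy of the constructed stores so each run starts clean."""
    return {name: dict(store) for name, store in SAMPLE_DOMAINS.items()}


class AuditLog:
    """Append-only log in which every entry commits to the previous entry's hash,
    so deleting or editing an earlier record breaks the chain."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, who, what, target, result):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {
            "when": datetime.now(timezone.utc).isoformat(),
            "who": who,
            "what": what,
            "target": target,
            "result": result,
            "prev": prev,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def verify(self):
        """Recompute the chain; False if any entry was altered or removed."""
        prev = self.GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def deprovision(event, domains, log):
    """Disable the terminated user in every domain. Idempotent, and a failure
    or absence in one domain never stops enforcement in the others."""
    if event.get("event") != "termination":
        raise ValueError("only HR termination events trigger deprovisioning")
    user = event["user"]
    results = {}
    for name, store in domains.items():
        if user not in store:
            results[name] = "absent"
        elif not store[user]:
            results[name] = "already_disabled"
        else:
            store[user] = False
            results[name] = "disabled"
        # who / what / when for every domain, including no-ops
        log.append(event["actor"], "disable_account", f"{name}:{user}", results[name])
    return results


def residual_access(domains, terminated_users):
    """Access-review reconciliation: enabled accounts that belong to terminated users."""
    return sorted(
        f"{name}:{user}"
        for name, store in domains.items()
        for user, enabled in store.items()
        if enabled and user in terminated_users
    )
```

Running `deprovision(SAMPLE_HR_EVENT, fresh_domains(), AuditLog())` disables alice in all three stores; a second run records `already_disabled` rather than failing, which is what makes retries safe when an HR feed redelivers an event. `residual_access` is the check to schedule independently of the workflow: if it ever returns a terminated user, the workflow missed a domain.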