AC-3 Access Enforcement

Family: AC
Baselines: moderate
Mapped KSIs: 4

Control statement

Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is preserved in the catalog database.

Covered by these Key Security Indicators

| KSI | Title | Description | Category |
|---|---|---|---|
| KSI-AFR-03 | Authorization Data Sharing | Determine how authorization data will be shared with all necessary parties in alignment with the FedRAMP Authorization Data Sharing (ADS) process and persistently address all related requirements and recommendations. | Authorization by FedRAMP |
| KSI-IAM-02 | Passwordless Authentication | Use secure passwordless methods for user authentication and authorization when feasible, otherwise enforce strong passwords with MFA. | Identity and Access Management |
| KSI-IAM-04 | Just-in-Time Authorization | Use a least-privileged, role and attribute-based, and just-in-time security authorization model for all user and non-user accounts and services. | Identity and Access Management |
| KSI-IAM-05 | Least Privilege | _Persistently_ ensure that identity and access management employs measures to ensure each user or device can only access the resources they need. | Identity and Access Management |