
10
Information Security Policy Development for Compliance
Access-Control Policies and Procedures
Logical Access
Describe the user registration and
deregistration procedure (provisioning
and revocation) for granting access to
information systems.
ISO/IEC 27001 A.11.2.1 L180
NIST SP 800-53 AC-1 L181
HIPAA Standard 164.308(a)(3)(ii)(A) L182
164.308(a)(4)(i) L183
164.308(a)(4)(ii)(B) L184
PCI DSS V2.0 7.1.3 L185
8.5.4 L186
AUP V5.0 H.2 L187
H.5 L188
Describe procedures to modify a user’s
access rights—for example, when a user
transfers to a new position with different
job responsibilities.
ISO/IEC 27001 A.11.2.1 L189
NIST SP 800-53 AC-2 L190
HIPAA Standard 164.308(a)(4)(ii)(C) ...