RA-5.5: Privileged Access

Risk assessment policy

procedures addressing vulnerability scanning

system design documentation

system configuration settings and associated documentation

list of system components for vulnerability scanning

personnel access authorization list

authorization credentials

access authorization records

system security plan

other relevant documents or records

Organizational personnel with vulnerability scanning responsibilities

system/network administrators

organizational personnel responsible for access control to the system

organizational personnel responsible for configuration management of the system

system developers

organizational personnel with security responsibilities

Organizational processes for vulnerability scanning

organizational processes for access control

mechanisms supporting and/or implementing access control

mechanisms/tools supporting and/or implementing vulnerability scanning