Establish an Access Granting Process
Description
Establish and follow a process, preferably automated, for granting access to enterprise assets upon new hire, rights grant, or role change of a user.
Implementation Checklist
Tool Recommendations
Identity governance and administration platform with access certification, lifecycle management, and AI-driven access intelligence
SailPoint · Per-identity subscription
Cloud identity and access management with SSO, MFA, conditional access, and identity governance
Microsoft · Per-user subscription (P1/P2)
Cloud identity platform providing SSO, adaptive MFA, lifecycle management, and API access management
Okta · Per-user subscription
Threats & Vulnerabilities (CIS RAM)
Threat Scenarios
Excessive Access Granted to New Hires
Confidentiality: Without a formal granting process, new employees receive access by cloning another user's permissions, inheriting unnecessary privileges accumulated through that user's role changes.
Unauthorized Access During Role Transitions
Confidentiality: Users changing roles accumulate access from both old and new positions because no structured process ensures previous access is reviewed when new access is granted.
Vulnerabilities (When Safeguard Absent)
No Formal Access Granting Process
Without a defined process for granting access, provisioning decisions are ad-hoc, inconsistent, and not tied to verified business need, leading to over-provisioning.
No Approval Workflow for Access Requests
Without a structured approval process, access is granted based on informal requests without management authorization or documentation of the business justification.
Evidence Requirements
| Type | Evidence Item | Collection Frequency |
|---|---|---|
| Technical | Configuration screenshots or exports showing protection controls enabled | Captured quarterly |
| Document | Procedure documentation for protection measures | Reviewed annually |
| Document | Governing policy document (current, approved, communicated) | Reviewed annually |