Transaction & Function ControlLimit information system access to the types of transactions and functions that authorized users are permitted to execute.Creating roles for each user that gives them access to certain information and systems based on their role. If someone is on a project give them a project role so they can access what systems […]
Authorized Access Control
Limit information system access to authorized users, processes acting on behalf of
authorized users, or devices (including other information systems).
This can be achieved by creating a list of all authorized personal who can use certain systems
and devices.
Example
Your company maintains a list of all personnel authorized to use company information systems
[a]. This list is used to support identification and authentication activities conducted by IT when
authorizing access to systems [a,d].
