Leadline Inc.
Control Requirements

LS-14: Administrative Access Restrictions

Restrict administrative access to applications and databases based on job function

Control Description

Administrative access to the in-scope applications and related databases is restricted to appropriate individuals based on job function.

Plain Meaning

This control requires organizations to limit administrative access to applications and databases to only those individuals who need administrative privileges to perform their job responsibilities. This prevents unauthorized administrative access and reduces security risks.

Implementation: Job Function-Based Access Control

Administrative Access Policy

We implement strict administrative access controls based on job function requirements, ensuring that only authorized individuals have administrative privileges for applications and databases.

Access Control Principles

  • Principle of Least Privilege: Grant minimum necessary administrative access
  • Job Function Alignment: Access strictly based on job responsibilities
  • Temporary Access: Time-limited administrative access when required
  • Approval Workflow: Management approval for administrative access requests

Access Management

  • Regular Reviews: Quarterly review of administrative access permissions
  • Immediate Revocation: Prompt removal of access when no longer needed
  • Audit Logging: Complete audit trail of administrative access

Administrative Access Security Monitoring

GuardDuty Security Dashboard

  • LS-05: Direct database access restrictions
  • LS-06: Password vault for administrator accounts
  • LS-22: Manager approval for access requests