LLMResponse CM.L2-3.4.5.g

From CMMC Toolkit Wiki

Assessment for Objective [g]: Logical access restrictions associated with changes to the system are approved

Evidence Types Ranking (Most to Least Valuable)

1. **Documents**: Primary evidence

  - Approval records for logical access controls
  - Change request forms with approval signatures
  - Authorization records for privileged accounts
  - System security plan with approval processes
  - Documented approval workflows

2. **Artifacts**: Strong supporting evidence

  - Electronic approval workflows
  - Approval status indicators in systems
  - Ticket systems showing approval history
  - Email threads documenting approvals
  - System logs showing approval actions

3. **Screen Share**: Valuable but secondary

  - View approval systems in real-time
  - Observe authorization status in management tools
  - See approval workflows in change management systems

4. **Physical Review**: Minimal value for logical approvals

  - Generally not applicable for logical access approvals
  - Limited relevance for this objective

Assessment Approach Priority

1. **Examine** (Primary approach)

  - Review logical access approvals in documentation
  - Check change requests with approval signatures
  - Verify authorization records for privileged account creation
  - Look for approval chains in change management systems
  - Ensure proper management sign-off exists for access changes

2. **Interview** (Important complement)

  - Talk with approval authorities about their role
  - Interview system administrators about approval requirements
  - Discuss with security personnel about authorization procedures
  - Verify personnel understand approval responsibilities
  - Confirm managers understand approval workflows

3. **Test** (Limited applicability)

  - Testing approval processes might disrupt operations
  - Could verify systems enforce approval requirements
  - Generally less efficient for verifying approvals exist

For this objective, focus primarily on examining documentation that demonstrates approvals have been properly obtained and recorded for logical access restrictions associated with system changes. Interviews with approval authorities and administrators provide important context and verification. Testing has limited value for this specific objective, since the objective concerns whether approvals were obtained rather than whether the restrictions are technically enforced.