LLMResponse CM.L2-3.4.5.h

From CMMC Toolkit Wiki

Assessment for Objective [h]: Logical access restrictions associated with changes to the system are enforced

Evidence Types Ranking (Most to Least Valuable)

1. **Screen Share**: Most valuable evidence

  - Direct observation of access controls in action
  - Live demonstration of permission enforcement
  - Real-time verification of access restriction functioning
  - Visual confirmation of denied access attempts

2. **Artifacts**: Strong supporting evidence

  - System logs showing access attempts and denials
  - Audit trails of configuration changes
  - Security incident reports related to access violations
  - Event logs showing enforcement of restrictions

3. **Documents**: Supporting but less conclusive

  - Enforcement procedures
  - Records of access controls
  - Security violation documentation
  - System configuration verification records

4. **Physical Review**: Limited value for logical enforcement

  - Generally not applicable for logical access controls
  - Might observe some aspects of workstation controls

Assessment Approach Priority

1. **Test** (Primary approach)

  - Test access control mechanisms directly
  - Attempt to perform changes with insufficient privileges
  - Verify system prevents unauthorized changes
  - Confirm role-based access controls function properly
  - Validate that system enforces separation of duties

2. **Screen Share** (Critical complement)

  - Observe login attempts with different privilege levels
  - Watch application of access controls in real-time
  - See how the system responds to unauthorized attempts
  - Verify enforcement of access restrictions visually

3. **Examine** (Important supporting approach)

  - Review system logs showing denied access attempts
  - Check audit trails of configuration changes
  - Verify incident reports related to access violations
  - Examine enforcement records and monitoring data

For this enforcement objective, prioritize testing actual controls to verify that defined logical access restrictions are properly implemented and functioning. Screen sharing provides critical visual evidence of enforcement, while examination of logs and records offers supporting evidence of consistent enforcement over time.
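As an added example for the Examine approach (not from the CMMC Toolkit or this page), the script below reviews sudo-style audit log lines against an assumed roster of accounts authorized to make system changes: denied attempts from outside the roster count as enforcement evidence, while any successful change from outside it is flagged as a gap. The log format mirrors sudo's syslog lines; the sample lines and the roster are constructed.

```python
# Added example (not from the CMMC Toolkit): review sudo-style audit lines to check
# that restrictions on system changes were enforced. Format mirrors sudo's syslog lines.
import re
from collections import Counter

# Assumed roster: accounts the organization documents as authorized to make
# privileged system changes. A successful change by anyone else is a finding.
AUTHORIZED_CHANGERS = {"alice"}

# Constructed sample lines: two permitted changes, two denied attempts.
SAMPLE_LOG = """\
Mar  3 09:12:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
Mar  3 09:15:42 host1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/vi /etc/ssh/sshd_config
Mar  3 09:16:10 host1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/useradd mallory
Mar  3 10:02:55 host1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt-get install htop
"""

# The optional 'denial' group is present only when sudo rejected the command.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denial>[^;]+?) ; )?TTY=\S+ ; PWD=\S+ ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)

def parse_sudo_lines(text):
    """Return one dict per recognised sudo line; other lines are skipped."""
    events = [m.groupdict() for m in map(SUDO_RE.search, text.splitlines()) if m]
    for e in events:
        e["denied"] = e["denial"] is not None
    return events

def assess_enforcement(events, authorized):
    """Classify each event against the roster and summarise the evidence."""
    counts, findings = Counter(), []
    for e in events:
        allowed, on_roster = not e["denied"], e["user"] in authorized
        if allowed and on_roster:
            counts["allowed_authorized"] += 1    # expected change by an authorized account
        elif allowed:
            counts["allowed_unauthorized"] += 1  # gap: restriction was not enforced
            findings.append(f"{e['user']} ran '{e['cmd']}' but is not an authorized changer")
        elif on_roster:
            counts["denied_authorized"] += 1     # roster and sudoers disagree; follow up
            findings.append(f"{e['user']} is authorized but was denied '{e['cmd']}'")
        else:
            counts["denied_unauthorized"] += 1   # restriction enforced: good evidence
    return {"counts": dict(counts), "findings": findings,
            "enforced": counts["allowed_unauthorized"] == 0}

if __name__ == "__main__":
    print(assess_enforcement(parse_sudo_lines(SAMPLE_LOG), AUTHORIZED_CHANGERS))
```

On the constructed sample the result is not "enforced" because carol's change succeeded without her being on the roster; an assessor would pair that finding with the sudoers configuration and the change-control records before concluding.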