Cloud Service Provider FedRAMP Compliance Guide and 3PAO Assessor Locator

Access Control

The Access Control (AC) objective is based around the policies and procedures in place at a 3pao to limit access to various resources within the environment to appropriate individuals. Below is a list of the various activities that are required to be implemented to address and mitigate access control related risks.

Access Control Policy and Procedures
Account Management
Access Enforcement
Information Flow Enforcement
Separation of Duties
Least Privilege
Unsuccessful Login Attempts
System Use Notification
Concurrent Session Control
Session Lock
Permitted Actions Without Identification/ Authentication
Security Attributes
Remote Access
Wireless Access
Access Control for Mobile Devices
Use of External Information Systems
Publicly Accessible Content

Please log in to rate this.
0 people found this helpful.

Category: Control Objectives

← FedRAMP FAQ

While FedRAMP compliance permits your organization to do business with the Government, a SOC 2 (AT 101) audit may be equally important to customers in the private sector when choosing a service provider.

A cloud service provider who doesn't plan on having the Government as a customer, but, wants to show they have quality security practices in place may choose to perform a SOC 2 audit, which can be preferable due to the additional requirements mandated by FedRAMP.

Access Control

SOC Reporting for Cloud Service Providers

Learn more about SOC Reporting

Recent FAQs