Updated on 2025-05-22 GMT+08:00

SEC03-01 Defining Access Control Requirements

Define which personnel or systems are authorized to access specific components, and select the appropriate identity type and method for authentication and authorization.

  • Risk level

    High

  • Key strategies

    Utilize Identity and Access Management (IAM) roles to define the access permissions of applications and components to resources. Implement a principle of least privilege access control model, ensuring that only essential permissions are granted. Assign permissions based on user roles and responsibilities, guaranteeing that users can access only the resources necessary for their work.

  • Related cloud services and tools

    IAM