A.8.3 — Information access restriction
This control restricts access to sensitive information based on need-to-know principles. Measures include user authentication, role-based permissions, and regular access reviews.
| Property | Value |
|---|---|
| Section | technical |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ACCESS-01 | Multi-Tenant Isolation |
| SID-ACCESS-04 | SPOCP Policy-Based Query Authorization |
Source: ISO/IEC 27001:2022 Annex A