User Access Reviews
  • 19 Mar 2025

WHAT IS A USER ACCESS REVIEW AND WHY IS IT IMPORTANT?

Organizations design their User Access Review (UAR) process to ensure that only authorized individuals maintain access to a company’s network, applications, and sensitive systems. By conducting regular reviews, organizations can validate that user access aligns with the principle of least privilege and that individuals who no longer require access have their access revoked.

This process plays an essential role in safeguarding systems and data from unauthorized or inappropriate access.

 

CONTROLS THIS DASHBOARD REPORTS ON

This dashboard reports on your organization’s level of compliance with these controls:

NIST CSF v2.0: Subcategory PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties

PCI-DSS v4.0.1: Requirements 7.2.4 (All user accounts and related access privileges, including third-party/vendor accounts, are reviewed) and 7.2.5.1 (All access by application and system accounts and related access privileges are reviewed).

CIS CSC v8.1: Safeguards 5.1, Establish and Maintain an Inventory of Accounts, 5.5, Establish and Maintain an Inventory of Service Accounts, and 6.2, Establish an Access Revoking Process


PRIMARY KEY PERFORMANCE INDICATOR (KPI)

The dashboard reports on this Primary KPI:

Numerator: Count of reviews where status = "Resolved within SLA" or "Open within SLA."

Denominator: Count of reviews

 

COLUMNS DISPLAYED ON THE DETAIL DASHBOARD

  • Compliance Status
  • Campaign Name, Campaign Status, Campaign Created Date, Campaign End Date – details for the certification campaign
  • Certification Name, Certification Id, Certification Start Date, Certification End Date, Certification Due Date – details for the certification review
  • Reviewer Name, Reviewer Email Address – name and contact information for the reviewer for the certification
  • Certification Completed
  • Employee Name, Employee ID, Employee Email Address, Employee Job Title – Employee information
  • Manager Full Name – Employee's manager
  • Executive VP, Senior VP, VP / Executive Director – Management chain for the Employee
  • Level 5, Level 6 – Additional levels of management for the Employee

 

OCSF TABLES USED BY THE DASHBOARD

  • Ticket Inventory [99405001]
  • User Inventory Info [5003]
