12.4.3 Access Control to Program Source Code

Illustrative Controls and TIBCO LogLogic Solution

Organizations must confirm that there is appropriate segregation of duties between the staff responsible for moving a program into production and the staff responsible for developing a program. In addition, organizations must consider whether or not changes are performed in a segregated and controlled environment.

To fulfil this requirement, administrators must ensure that logins to source code repositories and the permissions assigned to these users are appropriate for the tasks that they are allowed to perform. Users with overlapping permission sets should indicate a compromise in the segregation of duties control consideration. Administrators should also review the process to request and grant access to systems and data and confirm that the same person does not perform these functions.

Reports and Alerts

Use the following link/reference to see the 12.4.3 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.