Sub-Requirement 6.3.3

6.3.3 Separation of duties between development, test, and production environments.

Illustrative Controls and the TIBCO LogLogic Solution

Organizations must confirm that there is appropriate segregation of duties between the staff responsible for production deployment of systems and applications and the staff responsible for the development of these systems and applications. In addition, organizations must consider whether or not changes are performed in a segregated and controlled environment.

To satisfy this requirement, administrators must ensure that logins to servers, as well as the permissions assigned to these users, are appropriate for the tasks they are allowed to perform. Users with overlapping permission sets could indicate that the segregation of duties control has been compromised. Administrators should also review the process used to request and grant access to systems and data and confirm that the same person does not perform both of these functions.
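The review described above can be sketched as a small check over login events and access requests. This is an added example, not a TIBCO LogLogic report or query; the log line format, the host-to-environment inventory, the user names and the request records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: host-to-environment inventory (assumption).
HOST_ENV = {
    "dev-app01": "development",
    "test-app01": "test",
    "prod-app01": "production",
    "prod-db01": "production",
}

# Constructed login events in a simplified "timestamp user host result" form.
SAMPLE_LOGINS = """\
2024-03-01T09:12:44Z alice dev-app01 success
2024-03-01T09:40:02Z bob prod-app01 success
2024-03-01T10:05:17Z alice prod-db01 success
2024-03-01T10:30:51Z carol test-app01 success
2024-03-01T11:02:09Z dave prod-app01 failure
2024-03-01T11:15:33Z dave dev-app01 success
"""

# Constructed access-request records: (request id, requester, approver).
SAMPLE_REQUESTS = [("REQ-1", "alice", "erin"), ("REQ-2", "bob", "bob")]

def environments_by_user(log_text, host_env):
    """Map each user to the environments they successfully logged in to."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, user, host, result = parts
        env = host_env.get(host)
        if result == "success" and env is not None:
            seen[user].add(env)
    return dict(seen)

def overlapping_users(log_text, host_env):
    """Users with successful logins in production and in development or test."""
    by_user = environments_by_user(log_text, host_env)
    return sorted(user for user, envs in by_user.items()
                  if "production" in envs and envs & {"development", "test"})

def self_approved(requests):
    """Access requests where the requester also granted the access."""
    return [req_id for req_id, requester, approver in requests
            if requester.strip().lower() == approver.strip().lower()]
```

On the sample data, `overlapping_users` reports only `alice`: `dave` is not flagged because his production login failed, though repeated failures of that kind may merit their own review.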

Reports and Alerts

For the reports and alerts that apply to requirement 6.3.3, see 6.3.3 on page 100.