UnixTime

Research Note

Authentication Exception and Compensating Control Record

Use this record when a system cannot meet the secure authentication standard and needs risk acceptance or compensating controls.

On this page

When to use this

Use this record when a system cannot meet the secure authentication standard and needs risk acceptance or compensating controls.

Exception record

Field Value
System/application TBD
Authentication gap TBD
Reason standard cannot be met TBD
Risk assessment reference TBD
Compensating controls TBD
Approved by TBD
Expiry/review date TBD
Monitoring required TBD
Residual risk accepted by TBD

Minimum checks

  • Gap is clearly described.
  • Risk assessment supports the exception.
  • Compensating controls are implemented.
  • Exception has an expiry/review date.
  • Residual risk is approved at the right level.
  • Template
  • Iso27001
  • Technological controls
  • Authentication
  • Exception

Note Metadata

Aliases: Authentication Exception Record

Source: 90 Templates/Authentication Exception and Compensating Control Record.md