What to Provide
A screenshot demonstrating all users with privileged access to the production cloud console.
Evidence Format
Screenshots or exported images in a common image file type such as .jpg, .png, or .pdf.
Additional Guidance
The evidence should demonstrate all users that are able to make changes to your production cloud console. Changes to the cloud console include the ability to:
- Modify customer application configurations or customer data through the application
- Deploy code changes to the application
NOTE (1): In the "Evidence Description" section of the ER, please note all of the specific groups/role permissions that would provide a user privileged access to the production cloud console, and provide a screenshot of all users assigned to those groups/role permissions.
NOTE (2): If privileged access to the production cloud console is governed via group/role permission assignments within an SSO tool, please (1) note in the "Evidence Description" section of the ER all of the specific groups/role permissions within the SSO tool that would provide a user privileged access to the production cloud console, and (2) provide a screenshot from the SSO tool of all users assigned to those groups/role permissions.
Example Evidence
AWS
GCP
Azure
Associated Unified Control ID | Associated Framework Control |
CTRL-9 | LCL-32 |