Access control refers to the mechanisms that are used to regulate who is able to access certain resources or systems within an organization. Access control lists (ACLs) are a common tool used to specify the permissions or access rights that are granted to different users or groups of users.
The practices are designed to ensure that changes to ACLs are properly authorized and that access control changes are not made without proper authorization. This helps to ensure that access to resources and systems is granted only to those who are authorized to have it, and that unauthorized users are not able to access sensitive data or systems.
To achieve this, organizations should assign a knowledgeable and trustworthy person as the authorized point of contact (POC) who is responsible for approving or denying ACL changes. This person should be familiar with the organization’s security policies and procedures, and should be able to make informed decisions about access control requests. By following these practices, organizations can ensure that access control changes are properly authorized and that their data and systems are secure.