Control requirements

Additional IBM Cloud for Financial Services specifications

Customer consent must be obtained prior to releasing any data outside its intended use.

Authorized individuals include Federal Regulators in the event of insolvency.

Implementation guidance

See the resources that follow to learn more about how to implement this control.

• Access management in IBM Cloud

NIST supplemental guidance

Access control policies control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems. In addition to enforcing authorized access at the system level and recognizing that systems can host many applications and services in support of mission and business functions, access enforcement mechanisms can also be employed at the application and service level to provide increased information security and privacy. In contrast to logical access controls that are implemented within the system, physical access controls are addressed by the controls in the Physical and Environmental Protection (PE) family.