access Policy
Access Control Policy
Defines requirements for granting, reviewing, and revoking access to Mesta systems and data. Implements role-based access control (RBAC), multi-factor authentication (MFA), and the principle of least privilege across all production and corporate environments.
ActiveDownload PDF
Version
1.8.0
Effective Date
12/1/2024
Next Review
12/1/2025
Approved By
Chief Technology Officer
Policy Document
Access Control Policy
Version: 1.8.0 Effective Date: 2024-12-01 Next Review: 2025-12-01 Approved By: Chief Technology Officer ---1. Purpose and Scope
Defines requirements for granting, reviewing, and revoking access to Mesta systems and data. Implements role-based access control (RBAC), multi-factor authentication (MFA), and the principle of least privilege across all production and corporate environments.
This policy applies to all Mesta Technologies Inc. employees, contractors, vendors, and systems that process, store, or transmit company or customer data.
2. Roles and Responsibilities
3. Policy Statements
[Detailed policy requirements would be listed here in the full document]
3.1 General Requirements
This section outlines the fundamental requirements that all stakeholders must follow.
3.2 Specific Controls
This section details specific technical and administrative controls implementing this policy.
3.3 Exceptions
Policy exceptions require written approval from Chief Technology Officer and must be reviewed quarterly.
4. Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may result in legal action.
5. Related Documents
This policy supports the following security controls:
3.2 Specific Controls
This section details specific technical and administrative controls implementing this policy.
3.3 Exceptions
Policy exceptions require written approval from Chief Technology Officer and must be reviewed quarterly.
4. Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may result in legal action.
5. Related Documents
This policy supports the following security controls:
4. Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may result in legal action.
5. Related Documents
This policy supports the following security controls:
6. Revision History | Version | Date | Author | Changes | |---------|------|--------|---------| | 1.8.0 | 2024-11-20 | Infrastructure Team | Current version | --- *This document is confidential and proprietary to Mesta Technologies Inc.*
Related Controls (5)
Unique account authentication enforced
All system authentication requires unique username/password or authorized SSH keys.
passing
Production application access restricted
System access restricted to authorized personnel with role-based permissions.
passing
Access control procedures established
Documented procedures for adding, modifying, and removing user access.
passing
Privileged access managed
Privileged accounts require separate credentials and enhanced authentication.
passing
Password policy enforced
Minimum 12 characters with MFA via hardware security keys required.
passing
Supported Frameworks
Policy Details
- Policy ID
- access-control-policy
- Category
- access
- Author
- Infrastructure Team
- Approval Date
- 11/20/2024
- Page Count
- 18 pages
Version History
v1.8.012/1/2024
Current approved version