questionbank

Access Control

Control AC-1 Weight High View more Security

Ideal Response

We implement multi-factor authentication (MFA) for all user accounts and use role-based access control (RBAC) to manage permissions.

Our authentication system includes password policies, session management, and regular access reviews to ensure only authorized users can access sensitive systems.

Control SC-1 Weight Critical View more Data Protection

Ideal Response

We use AES-256 encryption for data at rest and TLS 1.3 for data in transit.

All sensitive data is encrypted using industry-standard algorithms, and encryption keys are managed through a dedicated key management service with regular rotation policies.