Safeguard 6.1 focuses on the critical need for an Access Granting Process and is an integral part of user access management. While this might sound straightforward, the safeguard is essential for ensuring that enterprise assets are protected and that access is only granted to the right people at the right time.

So, what does it involve? Safeguard 6.1 requires organizations to establish and follow a defined process, preferably automated, for granting access whenever a new hire joins, an employee's role changes, or additional rights are required. Automation plays a key role here—it reduces the risk of manual errors, ensures consistency, and simplifies the auditing process.

Let’s break it down:

• New Hires: When onboarding a new employee, the process ensures they are only granted access to the assets and systems required for their role.
• Rights Granting: If an employee needs additional privileges (e.g., temporary administrative access), the process ensures this is documented and monitored.
• Role Changes: For promotions, transfers, or job changes, access rights are updated accordingly—removing what’s no longer needed and adding new permissions where required.

The key is centralizing this process within your Identity and Access Management (IAM) platform, whether you’re using tools like Microsoft Azure Active Directory, Okta, or another IAM solution. Coupling this with Single Sign-On (SSO) and Role-Based Access Control (RBAC) ensures that employees only have access to what’s necessary, no more, no less.

To recap, CIS Control 6.1 is about establishing a streamlined, auditable, and efficient process for granting access—keeping your enterprise secure while empowering your employees to work effectively.