# SC-IAM-008 Privileged Access Management

**Control Domain:** Identity and Access Management (IAM)

**Control ID:** `SC-IAM-008`

## Control Description

This control ensures that privileged accounts (such as administrators, root users, and domain admins) are identified, inventoried, and managed according to strict processes.

Why it matters: Privileged accounts have broad access to systems and data. If misused or compromised, they can cause significant business disruption or data loss.

## Linked Tests

The following tests from the SureCloud Continuous Control Monitoring (CCM) library are mapped to this Control:

| Test ID     | Test Name                                        | Test Type | Example Evidence                              |
| ----------- | ------------------------------------------------ | --------- | --------------------------------------------- |
| TST-IAM-015 | Privileged Access Management Process Is In Place | Document  | EV-081 – Privileged Access Management Process |
| TST-IAM-016 | High Risk Accounts Are Inventoried               | Document  | EV-169 – Account inventory                    |

## Regulatory Citations

> Only citation IDs are listed below (sourced from the Control-level mapping). Refer to the source framework for the full citation text.

| Framework                       | Citation IDs               |
| ------------------------------- | -------------------------- |
| ISO/IEC 27001:2022              | A.5.16, A.8.2, A.8.18      |
| SOC 2 — Common Criteria         | CC6.1, CC6.2, CC6.3        |
| SOC 2 — Confidentiality         | C1.1                       |
| NIST CSF v2.0                   | ID.AM-05, PR.AA-05         |
| ISO/IEC 27017:2015              | 9.2.1, 9.2.3, 9.2.5, 9.4.4 |
| Secure Controls Framework (SCF) | IAC-15.6, IAC-16, IAC-16.1 |
| PCI-DSS                         | 7.2.3, 7.2.4, 7.2.5, 8.6.2 |

