Access Rule Setup on Critical Systems

Learn how to set up and enforce access control rules on AWS, GCP, Azure, GitHub, and other critical systems to meet Sprinto's monitoring and compliance requirements.

Access rules determine who can access critical systems and under what conditions. Misconfigured or overly permissive access exposes your organisation to security breaches and audit failures. Sprinto continuously monitors access rule configurations to ensure that only authorised users can access sensitive systems.

This guide explains how to implement, review, and remediate access rule monitors for critical systems such as cloud platforms, infrastructure, and admin tools.


What is Checked

Sprinto monitors whether the following controls are enforced on critical systems:

  • Role-based access control (RBAC)

  • Principle of least privilege

  • Defined access policies for administrators and engineers

  • Login protection measures (e.g., MFA, IP restrictions)

  • Onboarding and offboarding hooks for assigning/removing access

The monitor shows as Failing if:

  • No access policy is configured

  • Too many users have admin-level access

  • There is no evidence of access rule enforcement

  • Access logs indicate unauthorised or ungoverned access
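The second failing condition above, too many users with admin-level access, can be checked offline against an IAM export before the monitor flags it. The script below is an added example written for this page, not Sprinto's code: it expects the structure returned by `aws iam get-account-authorization-details` (UserDetailList, GroupDetailList, Policies), resolves admin rights granted directly, through inline policies, or through group membership, and compares the count against a threshold. The SAMPLE data is constructed, and the admin definition and the 20% threshold are assumptions for illustration, not Sprinto's rules.

```python
"""Check "too many users have admin-level access" against an AWS IAM export.

Added example for this page, not Sprinto's code. It expects the structure
returned by `aws iam get-account-authorization-details` (UserDetailList,
GroupDetailList, Policies); SAMPLE below is constructed so the check runs
offline. The admin definition and the 20% threshold are assumptions, not
Sprinto's rules. Permission boundaries, SCPs and NotAction are ignored.
"""

ADMIN_MANAGED_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def _as_list(value):
    """IAM serialises single values or lists for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_admin_document(doc):
    """True if any Allow statement grants every action on every resource."""
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action", [])) and "*" in _as_list(stmt.get("Resource", [])):
            return True
    return False


def admin_users(details):
    """Names of users holding admin rights directly, inline, or through a group."""
    # Managed policy ARN -> document of its default (active) version.
    managed_docs = {
        pol["Arn"]: ver["Document"]
        for pol in details.get("Policies", [])
        for ver in pol.get("PolicyVersionList", [])
        if ver.get("IsDefaultVersion")
    }

    def grants_admin(entity):
        for att in entity.get("AttachedManagedPolicies", []):
            arn = att["PolicyArn"]
            if arn == ADMIN_MANAGED_POLICY_ARN or is_admin_document(managed_docs.get(arn, {})):
                return True
        # Inline policies: UserPolicyList on users, GroupPolicyList on groups.
        inline = entity.get("UserPolicyList", []) + entity.get("GroupPolicyList", [])
        return any(is_admin_document(p["PolicyDocument"]) for p in inline)

    admin_groups = {g["GroupName"] for g in details.get("GroupDetailList", []) if grants_admin(g)}
    return {
        u["UserName"]
        for u in details.get("UserDetailList", [])
        if grants_admin(u) or admin_groups.intersection(u.get("GroupList", []))
    }


def evaluate(details, max_admin_ratio=0.2):
    """Return (passes, sorted admin names); fails when admins exceed the ratio of all users."""
    users = details.get("UserDetailList", [])
    admins = admin_users(details)
    passes = bool(users) and len(admins) / len(users) <= max_admin_ratio
    return passes, sorted(admins)


# Constructed sample: five users, one admin group, and one user with an inline
# wildcard policy that a simple "who is in the Admins group" check would miss.
SAMPLE = {
    "Policies": [{
        "Arn": ADMIN_MANAGED_POLICY_ARN,
        "PolicyVersionList": [{"IsDefaultVersion": True,
            "Document": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}],
    }],
    "GroupDetailList": [
        {"GroupName": "Admins",
         "AttachedManagedPolicies": [{"PolicyArn": ADMIN_MANAGED_POLICY_ARN}]},
        {"GroupName": "Developers",
         "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]},
    ],
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["Admins"]},
        {"UserName": "bob", "GroupList": ["Developers"],
         "UserPolicyList": [{"PolicyName": "oops",
             "PolicyDocument": {"Statement": {"Effect": "Allow", "Action": ["*"], "Resource": "*"}}}]},
        {"UserName": "carol", "GroupList": ["Developers"]},
        {"UserName": "dave", "GroupList": ["Developers"]},
        {"UserName": "erin", "GroupList": []},
    ],
}

if __name__ == "__main__":
    ok, admins = evaluate(SAMPLE)
    print("PASS" if ok else "FAIL", "admins:", admins)
```

Run against a real export (`aws iam get-account-authorization-details > iam.json`, then `json.load` it in place of SAMPLE); the sample fails because two of five users are admins, one of them only through an inline policy.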


How Sprinto Evaluates Access Rules

Sprinto uses integration data, custom workflows, and evidence-based validation to determine if:

  • Access policies are in place

  • Admin roles are correctly scoped

  • Privileged accounts are secured

  • Access is automatically revoked when users exit the organisation


1. AWS IAM

  • Define IAM roles for each function (e.g., Developer, Auditor, Admin)

  • Attach least-privilege policies: start from an AWS managed policy only where it fits, and prefer customer managed policies scoped to the actions and resources the role actually needs (broad managed policies such as AdministratorAccess belong on very few roles)

  • Enable access logging via CloudTrail (a multi-region trail) so that API calls made under each role are recorded

  • Use policy Conditions (for example aws:SourceIp and aws:ResourceTag/<key>) to restrict actions by source IP or resource tag
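A concrete least-privilege policy for the Developer role described above, with an IP condition on the S3 statement and a tag condition on the EC2 statement, together with a small evaluator that shows which requests it admits. This is an added example, not Sprinto's or AWS's code: the evaluator implements only the subset of IAM's logic used here (implicit deny, explicit deny wins, action and resource wildcards, IpAddress on aws:SourceIp, StringEquals on aws:ResourceTag/<key>), and the bucket name, CIDR and tag value are assumptions for illustration.

```python
"""Least-privilege IAM policy with IP and tag Conditions, plus a small evaluator.

Added example, not Sprinto's or AWS's code. The evaluator covers only the
subset of IAM's evaluation logic needed here: implicit deny, explicit Deny
overriding Allow, action/resource wildcards, IpAddress on aws:SourceIp and
StringEquals on aws:ResourceTag/<key>. Bucket, CIDR and tag values are assumed.
"""
import fnmatch
import ipaddress

# Developer role: read one artifact bucket, only from the office range, and
# start/stop only instances tagged team=payments. Nothing else is granted.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadBuildArtifacts",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-build-artifacts",
                         "arn:aws:s3:::example-build-artifacts/*"],
            "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        },
        {
            "Sid": "ManageOwnTeamInstances",
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {"StringEquals": {"aws:ResourceTag/team": "payments"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_met(condition, context):
    """Evaluate the two condition operators this example supports."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False  # a missing context key never satisfies a condition
            if operator == "IpAddress":
                ok = any(ipaddress.ip_address(actual) in ipaddress.ip_network(cidr)
                         for cidr in _as_list(expected))
            elif operator == "StringEquals":
                ok = actual in _as_list(expected)
            else:
                raise ValueError(f"unsupported operator {operator}")
            if not ok:
                return False
    return True


def is_allowed(policy, action, resource, context):
    """Implicit deny unless an Allow matches; a matching explicit Deny always wins."""
    decision = False
    for stmt in _as_list(policy["Statement"]):
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_met(stmt.get("Condition", {}), context):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        decision = True
    return decision


def sample_decisions():
    """Constructed requests showing what the conditions let through."""
    obj = "arn:aws:s3:::example-build-artifacts/app.tar.gz"
    inst = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc"
    return {
        "get object from office IP": is_allowed(DEVELOPER_POLICY, "s3:GetObject", obj,
                                                {"aws:SourceIp": "203.0.113.7"}),
        "get object from elsewhere": is_allowed(DEVELOPER_POLICY, "s3:GetObject", obj,
                                                {"aws:SourceIp": "198.51.100.9"}),
        "delete object from office IP": is_allowed(DEVELOPER_POLICY, "s3:DeleteObject", obj,
                                                   {"aws:SourceIp": "203.0.113.7"}),
        "stop payments instance": is_allowed(DEVELOPER_POLICY, "ec2:StopInstances", inst,
                                             {"aws:ResourceTag/team": "payments"}),
        "stop billing instance": is_allowed(DEVELOPER_POLICY, "ec2:StopInstances", inst,
                                            {"aws:ResourceTag/team": "billing"}),
    }


if __name__ == "__main__":
    for request, allowed in sample_decisions().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {request}")
```

The same policy document can be attached as a customer managed policy; the evaluator is only there to make the effect of each Condition visible before you deploy it.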

2. Google Cloud IAM

  • Assign roles at the narrowest scope that works (resource or project rather than folder or organisation), and prefer predefined or custom roles over the basic Viewer, Editor, and Owner roles

  • Avoid granting the Owner role broadly (for example to a whole domain, to large groups, or to service accounts that only need one API)

  • Use IAM Conditions for context-aware access (e.g., time-bound grants via request.time, or access levels that encode allowed IP ranges)
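The three Google Cloud bullets above can be checked against a project's IAM policy export. The script below is an added example for this page, not Sprinto's or Google's code: it reads the shape produced by `gcloud projects get-iam-policy PROJECT --format=json` (bindings with role, members and an optional condition) and reports basic roles granted to a whole domain, any role granted to a public principal, Owner/Editor bindings without a request.time expiry condition, and more Owners than a limit. The sample policy, the roles treated as privileged and the expiry rule are this example's assumptions.

```python
"""Audit a GCP project IAM policy for broad or unconditioned privileged access.

Added example, not Sprinto's or Google's code. Input has the shape of
`gcloud projects get-iam-policy PROJECT --format=json`. SAMPLE_POLICY is
constructed; which roles count as privileged, the owner limit, and the rule
that privileged bindings carry an expiry condition are assumptions here.
"""
import re

# Basic roles are broad; predefined or custom roles should replace them.
PRIVILEGED_ROLES = {"roles/owner", "roles/editor"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# A time-bound IAM Condition looks like: request.time < timestamp("2025-12-31T00:00:00Z")
EXPIRY_RE = re.compile(r'request\.time\s*<\s*timestamp\("[^"]+"\)')


def audit_bindings(policy, max_owners=2):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    owners = set()
    for binding in policy.get("bindings", []):
        role, members = binding["role"], binding.get("members", [])
        expression = binding.get("condition", {}).get("expression", "")
        for member in members:
            if member in PUBLIC_MEMBERS:
                findings.append(f"{role} granted to public principal {member}")
        if role == "roles/owner":
            owners.update(members)
        if role in PRIVILEGED_ROLES:
            if any(member.startswith("domain:") for member in members):
                findings.append(f"{role} granted to an entire domain")
            if not EXPIRY_RE.search(expression):
                findings.append(
                    f"{role} binding for {', '.join(members)} has no expiry condition")
    if len(owners) > max_owners:
        findings.append(f"{len(owners)} principals hold roles/owner (limit {max_owners})")
    return findings


# Constructed sample: three standing owners, Editor for the whole domain,
# a time-bound on-call Editor grant, and a project readable by any Google account.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@example.com", "user:bob@example.com",
                     "user:carol@example.com"]},
        {"role": "roles/editor",
         "members": ["domain:example.com"]},
        {"role": "roles/editor",
         "members": ["group:oncall@example.com"],
         "condition": {"title": "oncall-until-q4",
                       "expression": 'request.time < timestamp("2025-12-31T00:00:00Z")'}},
        {"role": "roles/viewer", "members": ["allAuthenticatedUsers"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    ]
}

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_POLICY):
        print("FAIL:", finding)
```

Only the on-call binding and the narrowly scoped service account pass; each other binding produces a finding that maps to one of the bullets above. Conditions require IAM policy version 3, so request the policy with the matching version flag if bindings appear without their condition field.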

3. Azure RBAC

  • Assign users the least privileged built-in role that fits the job (Reader for read-only access, Contributor for engineers who deploy); reserve Owner for a handful of accounts, since Owner can change role assignments

  • Scope assignments at the narrowest level that works (resource group rather than subscription where possible) so a role does not spill into unrelated workloads

  • Use Privileged Identity Management (PIM) for time-bound, approved, just-in-time elevation instead of standing Owner or Contributor assignments

4. GitHub / GitLab / Bitbucket

  • Limit admin access to organisation owners or repo admins

  • Use teams and group-based access

  • Enforce branch protection and require code reviews before merging

5. Okta / Identity Providers

  • Use groups to manage app access

  • Assign and revoke app access through SCIM provisioning or group rules, so that deactivating a user in the IdP removes their access in connected apps

  • Set expiry or review cycles for elevated permissions


How to Remediate in Sprinto

  • Review failing monitor details to identify the misconfigured or missing rule

  • Update access control settings in the target platform

  • Upload evidence (screenshots, policy exports) for manual monitors

  • Use the Mark as Resolved action once the access rule is properly enforced


Best Practices

  • Define roles clearly and maintain documentation

  • Review privileged access every quarter

  • Use automation (SCIM, JIT provisioning) to enforce access rules

  • Avoid static or shared credentials

  • Audit access logs regularly for anomalies
