6.1 - Establish an Access Granting Process

CIS Control 6.1 requires organizations to define a documented, formal process for granting user access to systems and data, ensuring that each request is reviewed, approved, and assigned based on defined roles and the principle of least privilege. The process must include verification of identity, justification of need, and alignment with policy before access is provisioned, and it should be regularly audited for compliance.