CC6.2 - Prior to Issuing System Credentials and Granting Access

CC6.2 requires organizations to verify a user's identity, need, and authorized role before issuing system credentials and granting access, ensuring that access permissions correspond to job responsibilities and are documented. It also calls for periodic review of issued credentials to confirm that they remain appropriate and to prevent unauthorized use.