Least-Privilege & Role-Based Access Control
- System access is governed by access-management policies that enforce least privilege and role-based access control.
- Administrative privileges require documented justification with manager and security approval.
- Access rights are reviewed and recertified periodically, including annual access reviews for in-scope systems.
Framework Alignment: NIST CSF PR.AA; CIS Control 5, 6; CMMC Level 1 (AC); SOC 1 Type II; GDPR Art. 32; ISO 27001:2022 A.5.15, A.5.18, A.8.3
Multi-Factor & Phishing-Resistant Authentication
- Multi-factor authentication (MFA) is enforced enterprise-wide, including all remote and privileged access.
- Highly privileged roles use just-in-time privileged access with phishing-resistant hardware security keys.
- MFA exceptions are governed and tracked through conditional-access policies.
Framework Alignment: NIST CSF PR.AA; CIS Control 6; CMMC Level 1 (IA); GDPR Art. 32; ISO 27001:2022 A.8.5, A.5.17
Privileged Access & Credential Protection
- Privileged and service-account credentials are vaulted and rotated in a privileged access management (PAM) solution; local administrator passwords are uniquely managed.
- Elevated-privilege accounts are audited and aligned to least privilege.
- Credential hygiene is audited against known breach datasets, and compromised credentials are rotated.
Framework Alignment: NIST CSF PR.AA; CIS Control 5, 6; GDPR Art. 32; ISO 27001:2022 A.8.2, A.5.17
Single Sign-On & Consolidated Identity
- Multi-factor authentication (MFA) is enforced enterprise-wide, including all remote and privileged access.
- Highly privileged roles use just-in-time privileged access with phishing-resistant hardware security keys.
- MFA exceptions are governed and tracked through conditional-access policies.
Framework Alignment: NIST CSF PR.AA; CIS Control 6; CMMC Level 1 (IA); GDPR Art. 32; ISO 27001:2022 A.8.5, A.5.17
For additional information and documentation, please submit a request.
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.