5.2.3 - The repository staff shall have delineated roles, responsibilities, and authorizations related to implementing changes within the system.
Explanation
SP administers authorizations and access controlsÂ
- According to SP's Security Plan, "any SP staff who needs to work with production SP systems in the course of his or her work only has access to do the tasks specific to his duties."
- There is no root access to critical processes, servers, or the storage array under normal circumstances.
systems administrators move software from development to production
limit access to appropriate functionality
When ejournals volumes reach 2TB in size, the repository mounts them with a 'read-only' restriction to prevent accidently tampering.