Privileged access management (PAM)
| ID | MOD-046 |
| System | SD07 |
| Repo | bank-platform |
| Build status | Deployed |
| Deployed | Yes |
| Last commit | bbdfbac46a1b5cf6dc25b4c7cd428a8daa669d03 |
Production database and infrastructure access requires time-limited, approved, logged sessions. No standing access to production for any engineer.
Module dependencies
Depends on
| Module | Title | Required? | Contract | Reason |
|---|---|---|---|---|
| MOD-045 | Secrets & key management | Required | — | PAM session credentials and temporary access tokens are issued and rotated via the secrets and key management module. |
| MOD-104 | AWS shared infrastructure bootstrap | Required | — | AWS shared infrastructure provisioned by MOD-104 (EventBridge buses, S3, KMS, Kinesis, Cognito) is required before this module can be deployed. |
Required by
(No modules in this wiki currently declare a dependency on this module.)
Policies satisfied
| Policy | Title | Mode | How |
|---|---|---|---|
| DT-001 | Information Security Policy | GATE | No standing production access — every session is approved, time-limited, and logged |
| GOV-006 | Internal Audit Policy | LOG | All production access sessions available to audit — who accessed what and when |
| DT-002 | Cybersecurity Policy | LOG | Insider threat risk reduced — no engineer can access production data without an auditable session |
Capabilities satisfied
(No capabilities mapped)
Part of SD07 — Data Platform & Governance Infrastructure
Compiled 2026-05-22 from source/entities/modules/MOD-046.yaml