Are passwords required to access systems transmitting, processing or storing Scoped Systems and Data?

Upon successful logon, does a message indicate the last time of successful logon?

What is a frequency of dormant user access review

What is the ratio of super users to regular users?

Are user permissions provided according to business need, need to know, and least privilege?

Please describe the system used to manage user permissions within your organization.

Please attach a screen shot of the domain admin group.

Please attach screen shots from the user activity event log configuration regarding how the aforementioned operates.

Is there a process for investigating temporary permissions?

Is there a policy to prevent access to sensitive customer data, which requires among other things: strong identification, unified identification, non-repudiation, access control, strong password policy, and multi-factor authentication?