# Break-Glass Access Testing and Governance

One-sentence definition: Controlled process to maintain and test emergency access without misuse.

## Key Facts

- Store in vaults; sealed; MFA disabled only for emergency; heavy monitoring.
- Dual-control approvals; justifications; auto-expiry and post-use review.
- Test quarterly to ensure viability; prevent policy loops/lockouts.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose tested break-glass for IdP/critical systems resilience.

**Mnemonic:** “**Emergency only**, **evidence always**.”

## Mini Scenario

Q: IdP outage; break-glass fails. Why?

A: Untested credentials/process; add scheduled tests and alternates.

## Revision Checklist

- Two governance rules.
- Testing cadence.
- Review requirement.

## Related

[[Account Recovery and Break-Glass Procedures]] · [[IdP Hardening and High Availability]] · [[Secure Administration and Out-of-Band (OOB) Access]] · [[Identity Resilience and DR]] · [[Domain 7 - Index]]