Content library
Access control and authentication
Regular reviewing of data system access rights
System management
Access control and authentication

Regular reviewing of data system access rights

Start free trial

Task description

Regular reviewing of data system access rights

Data system owner determines the access roles to the system in relation to the tasks of users. The compliance of the actual access rights with the planned ones must be monitored and the rights reassessed at regular intervals.

When reviewing access rights, care must also be taken to minimize admin rights and eliminate unnecessary accounts.

Requirements connected to the task

24. Responsibility of the controller
General Data Protection Regulation
32. Security of processing
General Data Protection Regulation
5. Principles relating to processing of personal data
General Data Protection Regulation
14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politika
Kibernetinio Saugumo Įstatymas (Lithuania)
16 §: Tietojärjestelmien käyttöoikeuksien hallinta
Public administration information management act
2.6.1: Create guidelines for access control
NSM ICT Security Principles (Norway)
3.3: Configure Data Access Control Lists
CIS 18 controls
4.1 (MIL3): Establish Identities and Manage Authentication
C2M2: MIL1
4.1.3: Management of users in data systems
TISAX: Information security
4.2.1: Access Management
TISAX: Information security

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Management of identification and access methods
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

4.1.1: Management of access methods
TISAX
See all related requirements and other information from tasks own page.
Go to >
Management of identification and access methods
Use of multi-factor authentication for important data systems
Critical
High
Normal
Low
Access control and authentication
36
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
4.1.2: Security of authentication
TISAX
30 § 3.10°: D'authentification à plusieurs facteurs
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Use of multi-factor authentication for important data systems
Defining and documenting accepted authentication methods
Critical
High
Normal
Low
Access control and authentication
42
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti
NIS2 Croatia
4.5: Käyttöoikeuksien hallinta
TiHL tietoturvavaatimukset
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
4.1.2: Security of authentication
TISAX
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting accepted authentication methods
Use and evaluation of password management system
Critical
High
Normal
Low
Access control and authentication
23
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
30 § 3.9° (l'accès): Contrôle d'accès
NIS2 Belgium
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Use and evaluation of password management system
Regular reviewing of data system access rights
Critical
High
Normal
Low
Access control and authentication
31
requirements

Examples of other requirements this task affects

I06: Pääsyoikeuksien hallinnointi
Katakri
16 §: Tietojärjestelmien käyttöoikeuksien hallinta
TiHL
24. Responsibility of the controller
GDPR
32. Security of processing
GDPR
5. Principles relating to processing of personal data
GDPR
See all related requirements and other information from tasks own page.
Go to >
Regular reviewing of data system access rights
Creating and maintaining an access control policy
Critical
High
Normal
Low
Access control and authentication
7
requirements

Examples of other requirements this task affects

14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politika
NIS2 Lithuania
40: Käyttövaltuuspolitiikka ja prosessi
Digiturvan kokonaiskuvapalvelu
2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
2.6.1: Create guidelines for access control
NSM ICT-SP
6.8: Define and Maintain Role-Based Access Control
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining an access control policy
Control of physical and logical access
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

Article 33: Access Control
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Control of physical and logical access
Establishing and maintaining an inventory of the enterprise’s authentication systems
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.6: Establish and Maintain an Inventory of Authentication and Authorization Systems
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining an inventory of the enterprise’s authentication systems
Enforcing MFA for administrative access
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.5: Require MFA for Administrative Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Enforcing MFA for administrative access
Enforcing MFA for external applications
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.3: Require MFA for Externally-Exposed Applications
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Enforcing MFA for external applications
Using behavior-based anti-malware software
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

10.7: Use Behavior-Based Anti-Malware Software
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Using behavior-based anti-malware software
Deploying and maintaining anti-malware protections of email server
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

9.7: Deploy and Maintain Email Server Anti-Malware Protections
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Deploying and maintaining anti-malware protections of email server
Using of DNS filtering services
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

9.2: Use DNS Filtering Services
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Using of DNS filtering services
Centralizing access control
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.7: Centralize Access Control
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Centralizing access control
Requiring MFA for remote network access
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.4: Require MFA for Remote Network Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Requiring MFA for remote network access
Using unique passwords
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

5.2: Use Unique Passwords
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Using unique passwords
Process for establishing and maintaining an inventory of accounts
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

5.1: Establish and Maintain an Inventory of Accounts
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Process for establishing and maintaining an inventory of accounts
Enforcing an automatic device lockout on portable end-user devices
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

4.10: Enforce Automatic Device Lockout on Portable End-User Devices
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Enforcing an automatic device lockout on portable end-user devices
Disabling default accounts
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

4.7: Manage Default Accounts on Enterprise Assets and Software
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Disabling default accounts
Zero trust architecture in authentication
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

PR.AA-03: Authentication before access
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Zero trust architecture in authentication
Protecting credentials and identity assertions
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

PR.AA-04: Identity assertions
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Protecting credentials and identity assertions
Document the identity life cycle management processes
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Document the identity life cycle management processes
Using trust-based access control
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

2.5.2: Restrict access to internal services from external locations
NSM ICT-SP
2.2.6: Control access to services based on knowledge of users and devices
NSM ICT-SP
Article 35: Data, system and network security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Using trust-based access control
Reusing identities across systems, sub-systems and applications
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

2.6.1: Create guidelines for access control
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Reusing identities across systems, sub-systems and applications
Use a centralised tool to check password quality
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Use a centralised tool to check password quality
Certificate based authentication for system-to-system communication
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Certificate based authentication for system-to-system communication
Need to know -principle in access management
Critical
High
Normal
Low
Access control and authentication
18
requirements

Examples of other requirements this task affects

I06: Pääsyoikeuksien hallinnointi
Katakri
9.1.1: Access control policy
ISO 27001
PR.AC-4: Access permissions and authorizations
NIST
HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminen
Julkri
HAL-14: Käyttö- ja käsittelyoikeudet
Julkri
See all related requirements and other information from tasks own page.
Go to >
Need to know -principle in access management
Analyzing authentication processes of critical systems
Critical
High
Normal
Low
Access control and authentication
16
requirements

Examples of other requirements this task affects

9.4.2: Secure log-on procedures
ISO 27001
9.4: System and application access control
ISO 27017
9.4.2: Secure log-on procedures
ISO 27017
9.4.2: Secure log-on procedures
ISO 27018
9.4.4: Use of privileged utility programs
ISO 27017
See all related requirements and other information from tasks own page.
Go to >
Analyzing authentication processes of critical systems
Managing shared user credential through password management system
Critical
High
Normal
Low
Access control and authentication
5
requirements

Examples of other requirements this task affects

9.4.3: Password management system
ISO 27001
9.2.4: Management of secret authentication information of users
ISO 27001
5.17: Authentication information
ISO 27001
2.6.5: Minimise privileges for management accounts
NSM ICT-SP
2.6.1: Create guidelines for access control
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Managing shared user credential through password management system
Avoiding and documenting shared user accounts
Critical
High
Normal
Low
Access control and authentication
12
requirements

Examples of other requirements this task affects

I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Katakri
32. Security of processing
GDPR
9.2.4: Management of secret authentication information of users
ISO 27001
TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
5.16: Identity management
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Avoiding and documenting shared user accounts
Using multi-factor authentication for admins
Critical
High
Normal
Low
Access control and authentication
22
requirements

Examples of other requirements this task affects

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
4.1.2: Security of authentication
TISAX
30 § 3.10°: D'authentification à plusieurs facteurs
NIS2 Belgium
2.6.7: Use multifactor authentication
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Using multi-factor authentication for admins
Use of dedicated admin accounts in critical data systems
Critical
High
Normal
Low
Access control and authentication
21
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
4.2.1: Access Management
TISAX
30 § 3.9° (l'accès): Contrôle d'accès
NIS2 Belgium
2.6.4: Minimise privileges for end users and special users
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Use of dedicated admin accounts in critical data systems
Enabling multi-factor authentication for all users
Critical
High
Normal
Low
Access control and authentication
19
requirements

Examples of other requirements this task affects

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
30 § 3.10°: D'authentification à plusieurs facteurs
NIS2 Belgium
2.6.7: Use multifactor authentication
NSM ICT-SP
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Enabling multi-factor authentication for all users
Defining and documenting access roles
Critical
High
Normal
Low
Access control and authentication
48
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
4.5: Käyttöoikeuksien hallinta
TiHL tietoturvavaatimukset
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
4.2.1: Access Management
TISAX
4.1.2: Security of authentication
TISAX
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting access roles
Rules and formal management process for admin rights
Critical
High
Normal
Low
Access control and authentication
23
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
30 § 3.9° (l'accès): Contrôle d'accès
NIS2 Belgium
2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
2.6.4: Minimise privileges for end users and special users
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Rules and formal management process for admin rights
Instructions for reporting changes affecting access rights
Critical
High
Normal
Low
Access control and authentication
15
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
4.1.1: Management of access methods
TISAX
30 § 3.9° (l'accès): Contrôle d'accès
NIS2 Belgium
14.5.10.b): Prieigos kontrolė
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Instructions for reporting changes affecting access rights
Roolipohjaisista käyttöoikeuksista poikkeamien käsittely
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin
Omavalvontasuunnitelma
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännöt
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Roolipohjaisista käyttöoikeuksista poikkeamien käsittely
Approval process that includes the customer for high-risk administrator rights
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Approval process that includes the customer for high-risk administrator rights
Using unique user names
Critical
High
Normal
Low
Access control and authentication
10
requirements

Examples of other requirements this task affects

UAC-02: User authentication
Cyber Essentials
A.11.8: Unique use of user IDs
ISO 27018
PR.AC-6: Proof of identity
NIST
TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnukset
Julkri
TEK-08.1: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Using unique user names
Minimizing and monitoring log data access
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

3.14: Log Sensitive Data Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Minimizing and monitoring log data access
Changing default passwords
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

SEC-02: Changing default passwords
Cyber Essentials
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
2.3.7: Change all standard passwords on ICT products before deployment
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Changing default passwords
Reviewing password practices on password protected systems
Critical
High
Normal
Low
Access control and authentication
6
requirements

Examples of other requirements this task affects

SEC-06: Reviewing password practices on password protected systems
Cyber Essentials
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
2.6.7: Use multifactor authentication
NSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
5.2: Use Unique Passwords
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Reviewing password practices on password protected systems
Descriptions of different access rights management processes
Critical
High
Normal
Low
Access control and authentication
10
requirements

Examples of other requirements this task affects

14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politika
NIS2 Lithuania
ACCESS-1: Establish Identities and Manage Authentication
C2M2
I-06: VÄHIMPIEN OIKEUKSIEN PERIAATE – PÄÄSYOIKEUKSIEN HALLINNOINTI
Katakri 2020
4.5: Käyttöoikeuksien hallinta
TiHL tietoturvavaatimukset
4.2.1: Access Management
TISAX
See all related requirements and other information from tasks own page.
Go to >
Descriptions of different access rights management processes
Total record of authorized users for offered cloud services
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

A.11.9: Records of authorized users
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Total record of authorized users for offered cloud services
Secure management of de-activated or expired user IDs
Critical
High
Normal
Low
Access control and authentication
5
requirements

Examples of other requirements this task affects

A.11.10: User ID management
ISO 27018
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
PR.AA-01: Management of identities and credentials
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Secure management of de-activated or expired user IDs
Features and instructions for user registration and de-registration in offered cloud services
Critical
High
Normal
Low
Access control and authentication
6
requirements

Examples of other requirements this task affects

9.2.1: User registration and de-registration
ISO 27017
9.2: User access management
ISO 27018
9.2.1: User registration and de-registration
ISO 27018
PR.AC-1: Identity and credential management
NIST
PR.AC-6: Proof of identity
NIST
See all related requirements and other information from tasks own page.
Go to >
Features and instructions for user registration and de-registration in offered cloud services
Features and instructions for access management in offered cloud services
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

9.2.2: User access provisioning
ISO 27017
PR.AC-1: Identity and credential management
NIST
See all related requirements and other information from tasks own page.
Go to >
Features and instructions for access management in offered cloud services
Limitation of privileged utility programs
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

9.4.4: Use of privileged utility programs
ISO 27001
8.18: Use of privileged utility programs
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Limitation of privileged utility programs
Limitation of privileged of utility programs in relation to offered cloud services
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

9.4.4: Use of privileged utility programs
ISO 27017
See all related requirements and other information from tasks own page.
Go to >
Limitation of privileged of utility programs in relation to offered cloud services
Access rights are managed by the principle of the least privilege
Critical
High
Normal
Low
Access control and authentication
8
requirements

Examples of other requirements this task affects

PR.AC-4: Access permissions and authorizations
NIST
I-06: VÄHIMPIEN OIKEUKSIEN PERIAATE – PÄÄSYOIKEUKSIEN HALLINNOINTI
Katakri 2020
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.
CyberFundamentals
2.6.4: Minimise privileges for end users and special users
NSM ICT-SP
2.6.5: Minimise privileges for management accounts
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Access rights are managed by the principle of the least privilege
Authentication of identities and binding to user data
Critical
High
Normal
Low
Access control and authentication
10
requirements

Examples of other requirements this task affects

PR.AC-6: Proof of identity
NIST
ACCESS-1: Establish Identities and Manage Authentication
C2M2
4.1.3: Management of users in data systems
TISAX
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.
CyberFundamentals
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Authentication of identities and binding to user data
Hallintayhteyksien vahva tunnistaminen julkisessa verkossa
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-04.1: Hallintayhteydet - vahva tunnistaminen julkisessa verkossa
Julkri
See all related requirements and other information from tasks own page.
Go to >
Hallintayhteyksien vahva tunnistaminen julkisessa verkossa
Hallintayhteyksien rajaaminen
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-04.3: Hallintayhteydet - vähimmät oikeudet
Julkri
I-04: TIETOJENKÄSITTELY-YMPÄRISTÖJEN SUOJATTU YHTEENLIITTÄMINEN – HALLINTAYHTEYDET
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Hallintayhteyksien rajaaminen
Henkilökohtaiset tunnukset hallintayhteyksien käytössä
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnukset
Julkri
See all related requirements and other information from tasks own page.
Go to >
Henkilökohtaiset tunnukset hallintayhteyksien käytössä
Hallintayhteyksien rajaaminen turvallisuusluokittain
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-04.5: Hallintayhteydet - yhteyksien rajaaminen turvallisuusluokittain
Julkri
I-04: TIETOJENKÄSITTELY-YMPÄRISTÖJEN SUOJATTU YHTEENLIITTÄMINEN – HALLINTAYHTEYDET
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Hallintayhteyksien rajaaminen turvallisuusluokittain
Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-07.2: Pääsyoikeuksien hallinnointi - pääsyoikeuksien rajaaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely
Locking of user IDs for repeated failed authentications
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-08.3: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
TEK-08.2: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Locking of user IDs for repeated failed authentications
Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-07.5: Pääsyoikeuksien hallinnointi - TL III
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL III, ST III-II)
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-08.5: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL III
Julkri
I-07: MONITASOINEN SUOJAAMINEN – TIETOJENKÄSITTELY-YMPÄRISTÖN TOIMIJOIDEN TUNNISTAMINEN FYYSISESTI SUOJATUN TURVALLISUUSALUEEN SISÄLLÄ
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL III, ST III-II)
Separate approval process for high confidentiality access
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

4.2.1: Access Management
TISAX
6.8: Define and Maintain Role-Based Access Control
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Separate approval process for high confidentiality access
Credentials are not transmitted via email
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

9.2.4: Management of secret authentication information of users
ISO 27001
5.17: Authentication information
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Credentials are not transmitted via email
Preventing outdated authentication methods
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

2.3.7: Change all standard passwords on ICT products before deployment
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Preventing outdated authentication methods
Implementing formal access control processes
Critical
High
Normal
Low
Access control and authentication
20
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
4.1.2: Security of authentication
TISAX
30 § 3.9° (l'accès): Contrôle d'accès
NIS2 Belgium
2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Implementing formal access control processes
Centralized record of user's access rights to data systems
Critical
High
Normal
Low
Access control and authentication
14
requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa
NIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
30 § 3.9° (l'accès): Contrôle d'accès
NIS2 Belgium
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
14.5.10.b): Prieigos kontrolė
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Centralized record of user's access rights to data systems
Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin
Omavalvontasuunnitelma
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännöt
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely
Secure identification of systems with admin-rights
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
2.6.4: Minimise privileges for end users and special users
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Secure identification of systems with admin-rights

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security