Content library
Access control and authentication
Identification of actors in the information processing environment (CL III, PL III–II)
System management
Access control and authentication

Identification of actors in the information processing environment (CL III, PL III–II)

Start free trial

Task description

Identification of actors in the information processing environment (CL III, PL III–II)

The identification of actors in information processing environments requires the following additional measures:

  • strong user authentication based on at least two factors is in place
  • terminal devices are technically identified (device authentication, 802.1X, or an equivalent procedure) before being granted access to the network or service, unless physical security measures restrict network connectivity to a narrow scope (e. g. a server placed in a locked equipment cabinet within a security area).

In certain situations, electronic identification methods may be replaced by physical security measures (e. g. access to the system allowed only from a strictly limited and physically protected area, such as a locked equipment cabinet monitored with strong authentication). When relying on physical security measures, the requirements for traceability must also be met, particularly regarding the retention periods for log data and similar records. In such cases, actual system login may consist of, for example, a user ID and password pair.

Requirements connected to the task

I-07: DEFENCE-IN-DEPTH - IDENTIFICATION OF ACTORS OF THE INFORMATION PROCESSING ENVIRONMENT WITHIN A PHYSICALLY PROTECTED SECURITY AREA
Katakri 2020
TEK-08.5: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL III
Julkri: TL IV-I

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Management of identification and access methods
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

4.1.1: Management of access methods
TISAX
See all related requirements and other information from tasks own page.
Go to >
Management of identification and access methods
Use of multi-factor authentication for important data systems
Critical
High
Normal
Low
Access control and authentication
56
requirements

Examples of other requirements this task affects

9.1.1: Access control policy
ISO 27001
9.4.2: Secure log-on procedures
ISO 27001
I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Katakri
PR.AC-7: User, device, and other asset authentication
NIST
SEC-05: Remote access user authentication
Cyber Essentials
See all related requirements and other information from tasks own page.
Go to >
Use of multi-factor authentication for important data systems
Defining and documenting accepted authentication methods
Critical
High
Normal
Low
Access control and authentication
82
requirements

Examples of other requirements this task affects

9.1.1: Access control policy
ISO 27001
9.2.4: Management of secret authentication information of users
ISO 27001
9.4.2: Secure log-on procedures
ISO 27001
I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Katakri
6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin
Omavalvontasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting accepted authentication methods
Use and evaluation of password management system
Critical
High
Normal
Low
Access control and authentication
54
requirements

Examples of other requirements this task affects

9.3.1: Use of secret authentication information
ISO 27001
9.4.3: Password management system
ISO 27001
SEC-07: Password policy
Cyber Essentials
5.17: Authentication information
ISO 27001
21.2.j: Multi-factor authentication (MFA)
NIS2
See all related requirements and other information from tasks own page.
Go to >
Use and evaluation of password management system
Regular reviewing of data system access rights
Critical
High
Normal
Low
Access control and authentication
33
requirements

Examples of other requirements this task affects

5. Principles relating to processing of personal data
GDPR
24. Responsibility of the controller
GDPR
32. Security of processing
GDPR
9.2.5: Review of user access rights
ISO 27001
16 §: Tietojärjestelmien käyttöoikeuksien hallinta
TiHL
See all related requirements and other information from tasks own page.
Go to >
Regular reviewing of data system access rights
Creating and maintaining an access control policy
Critical
High
Normal
Low
Access control and authentication
11
requirements

Examples of other requirements this task affects

40: Käyttövaltuuspolitiikka ja prosessi
Digiturvan kokonaiskuvapalvelu
2.6.1: Create guidelines for access control
NSM ICT-SP
2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
6.8: Define and Maintain Role-Based Access Control
CIS 18
14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politika
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining an access control policy
Registration of users accessing PHI
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

5.16: Identiteitsbeheer
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Registration of users accessing PHI
Policy for real identity verification for network services
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

Article 24: Provision of real identity information
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Policy for real identity verification for network services
Regular reviews of the account administration policy
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Regular reviews of the account administration policy
Periodic review of access rights
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Periodic review of access rights
Assigning roles related to access management and managing privileged access
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Assigning roles related to access management and managing privileged access
Identity management policy
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Identity management policy
Account management
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Account management
Access to electronic protected health information
Critical
High
Normal
Low
Access control and authentication
8
requirements

Examples of other requirements this task affects

5.12: Classificatie van informatie
NEN 7510
5.41: HLT – Openbaar beschikbare gezondheidsinformatie
NEN 7510
5.15: Toegangsbeveiliging
NEN 7510
8.5: Veilige authenticatie
NEN 7510
5.39: HLT – Unieke identificatie van zorgontvangers
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Access to electronic protected health information
Control of physical and logical access
Critical
High
Normal
Low
Access control and authentication
4
requirements

Examples of other requirements this task affects

Article 33: Access Control
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Control of physical and logical access
Establishing and maintaining an inventory of the enterprise’s authentication systems
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.6: Establish and Maintain an Inventory of Authentication and Authorization Systems
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining an inventory of the enterprise’s authentication systems
Enforcing MFA for administrative access
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.5: Require MFA for Administrative Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Enforcing MFA for administrative access
Enforcing MFA for external applications
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.3: Require MFA for Externally-Exposed Applications
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Enforcing MFA for external applications
Using behavior-based anti-malware software
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

10.7: Use Behavior-Based Anti-Malware Software
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Using behavior-based anti-malware software
Deploying and maintaining anti-malware protections of email server
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

9.7: Deploy and Maintain Email Server Anti-Malware Protections
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Deploying and maintaining anti-malware protections of email server
Using of DNS filtering services
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

9.2: Use DNS Filtering Services
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Using of DNS filtering services
Centralizing access control
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.7: Centralize Access Control
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Centralizing access control
Requiring MFA for remote network access
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

6.4: Require MFA for Remote Network Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Requiring MFA for remote network access
Using unique passwords
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

5.2: Use Unique Passwords
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Using unique passwords
Process for establishing and maintaining an inventory of accounts
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

5.1: Establish and Maintain an Inventory of Accounts
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Process for establishing and maintaining an inventory of accounts
Enforcing an automatic device lockout on portable end-user devices
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

4.10: Enforce Automatic Device Lockout on Portable End-User Devices
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Enforcing an automatic device lockout on portable end-user devices
Disabling default accounts
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

4.7: Manage Default Accounts on Enterprise Assets and Software
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Disabling default accounts
Zero trust architecture in authentication
Critical
High
Normal
Low
Access control and authentication
5
requirements

Examples of other requirements this task affects

PR.AA-03: Authentication before access
NIST 2.0
19.2.i (risk management): Insider risk management
NIS2 Malta
3.1.8: Säkrade lösningar för kommunikation
NIS2 Sweden
8.35: HLT – Zero trust-principes
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Zero trust architecture in authentication
Protecting credentials and identity assertions
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

PR.AA-04: Identity assertions
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Protecting credentials and identity assertions
Document the identity life cycle management processes
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
5.16: Identiteitsbeheer
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Document the identity life cycle management processes
Using trust-based access control
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

2.2.6: Control access to services based on knowledge of users and devices
NSM ICT-SP
2.5.2: Restrict access to internal services from external locations
NSM ICT-SP
Article 35: Data, system and network security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Using trust-based access control
Reusing identities across systems, sub-systems and applications
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

2.6.1: Create guidelines for access control
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Reusing identities across systems, sub-systems and applications
Use a centralised tool to check password quality
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Use a centralised tool to check password quality
Certificate based authentication for system-to-system communication
Critical
High
Normal
Low
Access control and authentication
4
requirements

Examples of other requirements this task affects

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
3.1.8: Säkrade lösningar för kommunikation
NIS2 Sweden
8.35: HLT – Zero trust-principes
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Certificate based authentication for system-to-system communication
Need to know -principle in access management
Critical
High
Normal
Low
Access control and authentication
20
requirements

Examples of other requirements this task affects

9.1.1: Access control policy
ISO 27001
I06: Pääsyoikeuksien hallinnointi
Katakri
PR.AC-4: Access permissions and authorizations
NIST
HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminen
Julkri
HAL-14: Käyttö- ja käsittelyoikeudet
Julkri
See all related requirements and other information from tasks own page.
Go to >
Need to know -principle in access management
Analyzing authentication processes of critical systems
Critical
High
Normal
Low
Access control and authentication
33
requirements

Examples of other requirements this task affects

9.4.2: Secure log-on procedures
ISO 27001
PR.AC-7: User, device, and other asset authentication
NIST
SEC-05: Remote access user authentication
Cyber Essentials
9.4: System and application access control
ISO 27017
9.4.2: Secure log-on procedures
ISO 27017
See all related requirements and other information from tasks own page.
Go to >
Analyzing authentication processes of critical systems
Managing shared user credential through password management system
Critical
High
Normal
Low
Access control and authentication
6
requirements

Examples of other requirements this task affects

9.2.4: Management of secret authentication information of users
ISO 27001
9.4.3: Password management system
ISO 27001
5.17: Authentication information
ISO 27001
2.6.1: Create guidelines for access control
NSM ICT-SP
2.6.5: Minimise privileges for management accounts
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Managing shared user credential through password management system
Avoiding and documenting shared user accounts
Critical
High
Normal
Low
Access control and authentication
14
requirements

Examples of other requirements this task affects

32. Security of processing
GDPR
9.2.4: Management of secret authentication information of users
ISO 27001
I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Katakri
TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
5.16: Identity management
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Avoiding and documenting shared user accounts
Using multi-factor authentication for admins
Critical
High
Normal
Low
Access control and authentication
39
requirements

Examples of other requirements this task affects

9.1.1: Access control policy
ISO 27001
9.2.3: Management of privileged access rights
ISO 27001
PR.AC-7: User, device, and other asset authentication
NIST
UAC-04: Two factor authentication
Cyber Essentials
TEK-04.1: Hallintayhteydet - vahva tunnistaminen julkisessa verkossa
Julkri
See all related requirements and other information from tasks own page.
Go to >
Using multi-factor authentication for admins
Use of dedicated admin accounts in critical data systems
Critical
High
Normal
Low
Access control and authentication
42
requirements

Examples of other requirements this task affects

9.2.3: Management of privileged access rights
ISO 27001
UAC-05: Administrative account usage
Cyber Essentials
TEK-07.2: Pääsyoikeuksien hallinnointi - pääsyoikeuksien rajaaminen
Julkri
8.2: Privileged access rights
ISO 27001
CC6.3: Management of access to data based on roles and responsibilities
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Use of dedicated admin accounts in critical data systems
Enabling multi-factor authentication for all users
Critical
High
Normal
Low
Access control and authentication
34
requirements

Examples of other requirements this task affects

9.3.1: Use of secret authentication information
ISO 27001
PR.AC-7: User, device, and other asset authentication
NIST
UAC-04: Two factor authentication
Cyber Essentials
44: Monivaiheinen tunnistus etäkäytössä
Digiturvan kokonaiskuvapalvelu
21.2.j: Multi-factor authentication (MFA)
NIS2
See all related requirements and other information from tasks own page.
Go to >
Enabling multi-factor authentication for all users
Defining and documenting access roles
Critical
High
Normal
Low
Access control and authentication
78
requirements

Examples of other requirements this task affects

5. Principles relating to processing of personal data
GDPR
25. Data protection by design and by default
GDPR
9.1.1: Access control policy
ISO 27001
9.1.2: Access to networks and network services
ISO 27001
9.2.2: User access provisioning
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting access roles
Rules and formal management process for admin rights
Critical
High
Normal
Low
Access control and authentication
43
requirements

Examples of other requirements this task affects

9.2.3: Management of privileged access rights
ISO 27001
TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnukset
Julkri
8.2: Privileged access rights
ISO 27001
CC6.1b: Logical access control for protected information assets
SOC 2
CC6.3: Management of access to data based on roles and responsibilities
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Rules and formal management process for admin rights
Instructions for reporting changes affecting access rights
Critical
High
Normal
Low
Access control and authentication
34
requirements

Examples of other requirements this task affects

9.2.6: Removal or adjustment of access rights
ISO 27001
I06: Pääsyoikeuksien hallinnointi
Katakri
PR.AC-1: Identity and credential management
NIST
TEK-07.3: Pääsyoikeuksien hallinnointi - pääsyoikeuksien ajantasaisuus
Julkri
5.18: Access rights
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Instructions for reporting changes affecting access rights
Roolipohjaisista käyttöoikeuksista poikkeamien käsittely
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin
Omavalvontasuunnitelma
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännöt
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Roolipohjaisista käyttöoikeuksista poikkeamien käsittely
Approval process that includes the customer for high-risk administrator rights
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Approval process that includes the customer for high-risk administrator rights
Using unique user names
Critical
High
Normal
Low
Access control and authentication
10
requirements

Examples of other requirements this task affects

PR.AC-6: Proof of identity
NIST
UAC-02: User authentication
Cyber Essentials
A.11.8: Unique use of user IDs
ISO 27018
TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnukset
Julkri
TEK-08.1: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Using unique user names
Minimizing and monitoring log data access
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

3.14: Log Sensitive Data Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Minimizing and monitoring log data access
Changing default passwords
Critical
High
Normal
Low
Access control and authentication
4
requirements

Examples of other requirements this task affects

SEC-02: Changing default passwords
Cyber Essentials
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
2.3.7: Change all standard passwords on ICT products before deployment
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Changing default passwords
Reviewing password practices on password protected systems
Critical
High
Normal
Low
Access control and authentication
7
requirements

Examples of other requirements this task affects

SEC-06: Reviewing password practices on password protected systems
Cyber Essentials
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
2.6.7: Use multifactor authentication
NSM ICT-SP
4.10: Enforce Automatic Device Lockout on Portable End-User Devices
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Reviewing password practices on password protected systems
Descriptions of different access rights management processes
Critical
High
Normal
Low
Access control and authentication
11
requirements

Examples of other requirements this task affects

ACCESS-1: Establish Identities and Manage Authentication
C2M2
I-06: THE PRINCIPLE OF LEAST PRIVILEGE – MANAGEMENT OF ACCESS RIGHTS
Katakri 2020
4.5: Käyttöoikeuksien hallinta
TiHL tietoturvavaatimukset
4.2.1: Access Management
TISAX
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Descriptions of different access rights management processes
Total record of authorized users for offered cloud services
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

A.11.9: Records of authorized users
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Total record of authorized users for offered cloud services
Secure management of de-activated or expired user IDs
Critical
High
Normal
Low
Access control and authentication
5
requirements

Examples of other requirements this task affects

A.11.10: User ID management
ISO 27018
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.
CyberFundamentals
2.6.2: Establish a formal process for administration of accounts, access rights and privileges
NSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
PR.AA-01: Management of identities and credentials
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Secure management of de-activated or expired user IDs
Features and instructions for user registration and de-registration in offered cloud services
Critical
High
Normal
Low
Access control and authentication
6
requirements

Examples of other requirements this task affects

PR.AC-1: Identity and credential management
NIST
PR.AC-6: Proof of identity
NIST
9.2.1: User registration and de-registration
ISO 27017
9.2: User access management
ISO 27018
9.2.1: User registration and de-registration
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Features and instructions for user registration and de-registration in offered cloud services
Features and instructions for access management in offered cloud services
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

PR.AC-1: Identity and credential management
NIST
9.2.2: User access provisioning
ISO 27017
See all related requirements and other information from tasks own page.
Go to >
Features and instructions for access management in offered cloud services
Limitation of privileged utility programs
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

9.4.4: Use of privileged utility programs
ISO 27001
8.18: Use of privileged utility programs
ISO 27001
8.18: Gebruik van speciale systeemtools
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Limitation of privileged utility programs
Limitation of privileged of utility programs in relation to offered cloud services
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

9.4.4: Use of privileged utility programs
ISO 27017
See all related requirements and other information from tasks own page.
Go to >
Limitation of privileged of utility programs in relation to offered cloud services
Access rights are managed by the principle of the least privilege
Critical
High
Normal
Low
Access control and authentication
15
requirements

Examples of other requirements this task affects

PR.AC-4: Access permissions and authorizations
NIST
I-06: THE PRINCIPLE OF LEAST PRIVILEGE – MANAGEMENT OF ACCESS RIGHTS
Katakri 2020
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.
CyberFundamentals
2.6.1: Create guidelines for access control
NSM ICT-SP
2.6.4: Minimise privileges for end users and special users
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Access rights are managed by the principle of the least privilege
Authentication of identities and binding to user data
Critical
High
Normal
Low
Access control and authentication
14
requirements

Examples of other requirements this task affects

PR.AC-6: Proof of identity
NIST
ACCESS-1: Establish Identities and Manage Authentication
C2M2
4.1.3: Management of users in data systems
TISAX
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.
CyberFundamentals
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Authentication of identities and binding to user data
Hallintayhteyksien vahva tunnistaminen julkisessa verkossa
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-04.1: Hallintayhteydet - vahva tunnistaminen julkisessa verkossa
Julkri
See all related requirements and other information from tasks own page.
Go to >
Hallintayhteyksien vahva tunnistaminen julkisessa verkossa
Restriction of administrative connections
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-04.3: Hallintayhteydet - vähimmät oikeudet
Julkri
I-04: SECURE INTERCONNECTION OF CIS – MANAGEMENT CONNECTIONS
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Restriction of administrative connections
Henkilökohtaiset tunnukset hallintayhteyksien käytössä
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnukset
Julkri
See all related requirements and other information from tasks own page.
Go to >
Henkilökohtaiset tunnukset hallintayhteyksien käytössä
Restriction of administrative connections by classification level
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-04.5: Hallintayhteydet - yhteyksien rajaaminen turvallisuusluokittain
Julkri
I-04: SECURE INTERCONNECTION OF CIS – MANAGEMENT CONNECTIONS
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Restriction of administrative connections by classification level
Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-07.2: Pääsyoikeuksien hallinnointi - pääsyoikeuksien rajaaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely
Locking of user IDs for repeated failed authentications
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-08.2: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
TEK-08.3: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Locking of user IDs for repeated failed authentications
Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

TEK-07.5: Pääsyoikeuksien hallinnointi - TL III
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)
Identification of actors in the information processing environment (CL III, PL III–II)
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

TEK-08.5: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL III
Julkri
I-07: DEFENCE-IN-DEPTH - IDENTIFICATION OF ACTORS OF THE INFORMATION PROCESSING ENVIRONMENT WITHIN A PHYSICALLY PROTECTED SECURITY AREA
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Identification of actors in the information processing environment (CL III, PL III–II)
Separate approval process for high confidentiality access
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

4.2.1: Access Management
TISAX
6.8: Define and Maintain Role-Based Access Control
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Separate approval process for high confidentiality access
Credentials are not transmitted via email
Critical
High
Normal
Low
Access control and authentication
4
requirements

Examples of other requirements this task affects

9.2.4: Management of secret authentication information of users
ISO 27001
5.17: Authentication information
ISO 27001
5.17: Authenticatiegegevens
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Credentials are not transmitted via email
Preventing outdated authentication methods
Critical
High
Normal
Low
Access control and authentication
1
requirements

Examples of other requirements this task affects

2.3.7: Change all standard passwords on ICT products before deployment
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Preventing outdated authentication methods
Implementing formal access control processes
Critical
High
Normal
Low
Access control and authentication
46
requirements

Examples of other requirements this task affects

9.1.1: Access control policy
ISO 27001
5.15: Access control
ISO 27001
21.2.i (access): Access control
NIS2
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännöt
Tietoturvasuunnitelma
4.1.2: Security of authentication
TISAX
See all related requirements and other information from tasks own page.
Go to >
Implementing formal access control processes
Centralized record of user's access rights to data systems
Critical
High
Normal
Low
Access control and authentication
33
requirements

Examples of other requirements this task affects

9.2.2: User access provisioning
ISO 27001
HAL-14.1: Käyttö- ja käsittelyoikeudet - ajantasainen luettelo - TL III
Julkri
21.2.i (access): Access control
NIS2
9.7 §: Pääsynhallinta, todentaminen ja MFA
Kyberturvallisuuslaki
2.6.3: Use a centralised tool to manage accounts, access rights and privileges
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Centralized record of user's access rights to data systems
Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely
Critical
High
Normal
Low
Access control and authentication
2
requirements

Examples of other requirements this task affects

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin
Omavalvontasuunnitelma
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännöt
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely
Secure identification of systems with admin-rights
Critical
High
Normal
Low
Access control and authentication
3
requirements

Examples of other requirements this task affects

TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
2.6.4: Minimise privileges for end users and special users
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Secure identification of systems with admin-rights

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security