Use of multi-factor authentication for important data systems

Other tasks from the same security theme

Task name

Priority

Policy

Other requirements

Management of identification and access methods

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

4.1.1: Management of access methods

TISAX

See all related requirements and other information from tasks own page.

Go to >

Management of identification and access methods

Use of multi-factor authentication for important data systems

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

4.1.2: Security of authentication

TISAX

30 § 3.10°: D'authentification à plusieurs facteurs

NIS2 Belgium

See all related requirements and other information from tasks own page.

Go to >

Use of multi-factor authentication for important data systems

Defining and documenting accepted authentication methods

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti

NIS2 Croatia

4.5: Käyttöoikeuksien hallinta

TiHL tietoturvavaatimukset

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

4.1.2: Security of authentication

TISAX

See all related requirements and other information from tasks own page.

Go to >

Defining and documenting accepted authentication methods

Use and evaluation of password management system

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

30 § 3.9° (l'accès): Contrôle d'accès

NIS2 Belgium

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.

CyberFundamentals

See all related requirements and other information from tasks own page.

Go to >

Use and evaluation of password management system

Regular reviewing of data system access rights

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

I06: Pääsyoikeuksien hallinnointi

Katakri

16 §: Tietojärjestelmien käyttöoikeuksien hallinta

TiHL

24. Responsibility of the controller

GDPR

32. Security of processing

GDPR

5. Principles relating to processing of personal data

GDPR

See all related requirements and other information from tasks own page.

Go to >

Regular reviewing of data system access rights

Creating and maintaining an access control policy

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politika

NIS2 Lithuania

40: Käyttövaltuuspolitiikka ja prosessi

Digiturvan kokonaiskuvapalvelu

2.6.2: Establish a formal process for administration of accounts, access rights and privileges

NSM ICT-SP

2.6.1: Create guidelines for access control

NSM ICT-SP

6.8: Define and Maintain Role-Based Access Control

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Creating and maintaining an access control policy

Regular reviews of the account administration policy

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Regular reviews of the account administration policy

Periodic review of access rights

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Periodic review of access rights

Assigning roles related to access management and managing privileged access

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Assigning roles related to access management and managing privileged access

Identity management policy

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Identity management policy

Account management

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Account management

Access to electronic protected health information

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Access to electronic protected health information

Control of physical and logical access

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Article 33: Access Control

DORA simplified RMF

See all related requirements and other information from tasks own page.

Go to >

Control of physical and logical access

Establishing and maintaining an inventory of the enterprise’s authentication systems

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

6.6: Establish and Maintain an Inventory of Authentication and Authorization Systems

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Establishing and maintaining an inventory of the enterprise’s authentication systems

Enforcing MFA for administrative access

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

6.5: Require MFA for Administrative Access

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Enforcing MFA for administrative access

Enforcing MFA for external applications

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

6.3: Require MFA for Externally-Exposed Applications

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Enforcing MFA for external applications

Using behavior-based anti-malware software

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

10.7: Use Behavior-Based Anti-Malware Software

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Using behavior-based anti-malware software

Deploying and maintaining anti-malware protections of email server

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.7: Deploy and Maintain Email Server Anti-Malware Protections

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Deploying and maintaining anti-malware protections of email server

Using of DNS filtering services

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.2: Use DNS Filtering Services

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Using of DNS filtering services

Centralizing access control

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

6.7: Centralize Access Control

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Centralizing access control

Requiring MFA for remote network access

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

6.4: Require MFA for Remote Network Access

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Requiring MFA for remote network access

Using unique passwords

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

5.2: Use Unique Passwords

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Using unique passwords

Process for establishing and maintaining an inventory of accounts

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

5.1: Establish and Maintain an Inventory of Accounts

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Process for establishing and maintaining an inventory of accounts

Enforcing an automatic device lockout on portable end-user devices

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

4.10: Enforce Automatic Device Lockout on Portable End-User Devices

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Enforcing an automatic device lockout on portable end-user devices

Disabling default accounts

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

4.7: Manage Default Accounts on Enterprise Assets and Software

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Disabling default accounts

Zero trust architecture in authentication

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

PR.AA-03: Authentication before access

NIST 2.0

19.2.i (ġestjoni tar-riskju): Ġestjoni tar-riskju minn ġewwa

NIS2 Malta

3.1.8: Säkrade lösningar för kommunikation

NIS2 Sweden

See all related requirements and other information from tasks own page.

Go to >

Zero trust architecture in authentication

Protecting credentials and identity assertions

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

PR.AA-04: Identity assertions

NIST 2.0

See all related requirements and other information from tasks own page.

Go to >

Protecting credentials and identity assertions

Document the identity life cycle management processes

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

2.6.2: Establish a formal process for administration of accounts, access rights and privileges

NSM ICT-SP

2.6.3: Use a centralised tool to manage accounts, access rights and privileges

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Document the identity life cycle management processes

Using trust-based access control

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

2.5.2: Restrict access to internal services from external locations

NSM ICT-SP

2.2.6: Control access to services based on knowledge of users and devices

NSM ICT-SP

Article 35: Data, system and network security

DORA simplified RMF

See all related requirements and other information from tasks own page.

Go to >

Using trust-based access control

Reusing identities across systems, sub-systems and applications

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

2.6.1: Create guidelines for access control

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Reusing identities across systems, sub-systems and applications

Use a centralised tool to check password quality

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

2.6.3: Use a centralised tool to manage accounts, access rights and privileges

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Use a centralised tool to check password quality

Certificate based authentication for system-to-system communication

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.

CyberFundamentals

3.1.8: Säkrade lösningar för kommunikation

NIS2 Sweden

See all related requirements and other information from tasks own page.

Go to >

Certificate based authentication for system-to-system communication

Need to know -principle in access management

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

I06: Pääsyoikeuksien hallinnointi

Katakri

9.1.1: Access control policy

ISO 27001

PR.AC-4: Access permissions and authorizations

NIST

HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminen

Julkri

HAL-14: Käyttö- ja käsittelyoikeudet

Julkri

See all related requirements and other information from tasks own page.

Go to >

Need to know -principle in access management

Analyzing authentication processes of critical systems

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.4.2: Secure log-on procedures

ISO 27001

9.4: System and application access control

ISO 27017

9.4.2: Secure log-on procedures

ISO 27017

9.4.2: Secure log-on procedures

ISO 27018

9.4.4: Use of privileged utility programs

ISO 27017

See all related requirements and other information from tasks own page.

Go to >

Analyzing authentication processes of critical systems

Managing shared user credential through password management system

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.4.3: Password management system

ISO 27001

9.2.4: Management of secret authentication information of users

ISO 27001

5.17: Authentication information

ISO 27001

2.6.5: Minimise privileges for management accounts

NSM ICT-SP

2.6.1: Create guidelines for access control

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Managing shared user credential through password management system

Avoiding and documenting shared user accounts

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

Katakri

32. Security of processing

GDPR

9.2.4: Management of secret authentication information of users

ISO 27001

TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

Julkri

5.16: Identity management

ISO 27001

See all related requirements and other information from tasks own page.

Go to >

Avoiding and documenting shared user accounts

Using multi-factor authentication for admins

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

4.1.2: Security of authentication

TISAX

30 § 3.10°: D'authentification à plusieurs facteurs

NIS2 Belgium

2.6.7: Use multifactor authentication

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Using multi-factor authentication for admins

Use of dedicated admin accounts in critical data systems

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

4.2.1: Access Management

TISAX

30 § 3.9° (l'accès): Contrôle d'accès

NIS2 Belgium

2.6.4: Minimise privileges for end users and special users

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Use of dedicated admin accounts in critical data systems

Enabling multi-factor authentication for all users

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnosti

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

30 § 3.10°: D'authentification à plusieurs facteurs

NIS2 Belgium

2.6.7: Use multifactor authentication

NSM ICT-SP

PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.

CyberFundamentals

See all related requirements and other information from tasks own page.

Go to >

Enabling multi-factor authentication for all users

Defining and documenting access roles

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

4.5: Käyttöoikeuksien hallinta

TiHL tietoturvavaatimukset

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

4.2.1: Access Management

TISAX

4.1.2: Security of authentication

TISAX

See all related requirements and other information from tasks own page.

Go to >

Defining and documenting access roles

Rules and formal management process for admin rights

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

30 § 3.9° (l'accès): Contrôle d'accès

NIS2 Belgium

2.6.2: Establish a formal process for administration of accounts, access rights and privileges

NSM ICT-SP

2.6.4: Minimise privileges for end users and special users

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Rules and formal management process for admin rights

Instructions for reporting changes affecting access rights

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

4.1.1: Management of access methods

TISAX

30 § 3.9° (l'accès): Contrôle d'accès

NIS2 Belgium

14.5.10.b): Prieigos kontrolė

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Instructions for reporting changes affecting access rights

Roolipohjaisista käyttöoikeuksista poikkeamien käsittely

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin

Omavalvontasuunnitelma

6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännöt

Tietoturvasuunnitelma

See all related requirements and other information from tasks own page.

Go to >

Roolipohjaisista käyttöoikeuksista poikkeamien käsittely

Approval process that includes the customer for high-risk administrator rights

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Approval process that includes the customer for high-risk administrator rights

Using unique user names

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

UAC-02: User authentication

Cyber Essentials

A.11.8: Unique use of user IDs

ISO 27018

PR.AC-6: Proof of identity

NIST

TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnukset

Julkri

TEK-08.1: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

Julkri

See all related requirements and other information from tasks own page.

Go to >

Using unique user names

Minimizing and monitoring log data access

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

3.14: Log Sensitive Data Access

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Minimizing and monitoring log data access

Changing default passwords

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

SEC-02: Changing default passwords

Cyber Essentials

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.

CyberFundamentals

2.3.7: Change all standard passwords on ICT products before deployment

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Changing default passwords

Reviewing password practices on password protected systems

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

SEC-06: Reviewing password practices on password protected systems

Cyber Essentials

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.

CyberFundamentals

2.6.7: Use multifactor authentication

NSM ICT-SP

2.6.3: Use a centralised tool to manage accounts, access rights and privileges

NSM ICT-SP

5.2: Use Unique Passwords

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Reviewing password practices on password protected systems

Descriptions of different access rights management processes

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politika

NIS2 Lithuania

ACCESS-1: Establish Identities and Manage Authentication

C2M2

I-06: VÄHIMPIEN OIKEUKSIEN PERIAATE – PÄÄSYOIKEUKSIEN HALLINNOINTI

Katakri 2020

4.5: Käyttöoikeuksien hallinta

TiHL tietoturvavaatimukset

4.2.1: Access Management

TISAX

See all related requirements and other information from tasks own page.

Go to >

Descriptions of different access rights management processes

Total record of authorized users for offered cloud services

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

A.11.9: Records of authorized users

ISO 27018

See all related requirements and other information from tasks own page.

Go to >

Total record of authorized users for offered cloud services

Secure management of de-activated or expired user IDs

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

A.11.10: User ID management

ISO 27018

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.

CyberFundamentals

2.6.2: Establish a formal process for administration of accounts, access rights and privileges

NSM ICT-SP

2.6.3: Use a centralised tool to manage accounts, access rights and privileges

NSM ICT-SP

PR.AA-01: Management of identities and credentials

NIST 2.0

See all related requirements and other information from tasks own page.

Go to >

Secure management of de-activated or expired user IDs

Features and instructions for user registration and de-registration in offered cloud services

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.2.1: User registration and de-registration

ISO 27017

9.2: User access management

ISO 27018

9.2.1: User registration and de-registration

ISO 27018

PR.AC-1: Identity and credential management

NIST

PR.AC-6: Proof of identity

NIST

See all related requirements and other information from tasks own page.

Go to >

Features and instructions for user registration and de-registration in offered cloud services

Features and instructions for access management in offered cloud services

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.2.2: User access provisioning

ISO 27017

PR.AC-1: Identity and credential management

NIST

See all related requirements and other information from tasks own page.

Go to >

Features and instructions for access management in offered cloud services

Limitation of privileged utility programs

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.4.4: Use of privileged utility programs

ISO 27001

8.18: Use of privileged utility programs

ISO 27001

See all related requirements and other information from tasks own page.

Go to >

Limitation of privileged utility programs

Limitation of privileged of utility programs in relation to offered cloud services

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.4.4: Use of privileged utility programs

ISO 27017

See all related requirements and other information from tasks own page.

Go to >

Limitation of privileged of utility programs in relation to offered cloud services

Access rights are managed by the principle of the least privilege

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

PR.AC-4: Access permissions and authorizations

NIST

I-06: VÄHIMPIEN OIKEUKSIEN PERIAATE – PÄÄSYOIKEUKSIEN HALLINNOINTI

Katakri 2020

PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.

CyberFundamentals

2.6.4: Minimise privileges for end users and special users

NSM ICT-SP

2.6.5: Minimise privileges for management accounts

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Access rights are managed by the principle of the least privilege

Authentication of identities and binding to user data

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

PR.AC-6: Proof of identity

NIST

ACCESS-1: Establish Identities and Manage Authentication

C2M2

4.1.3: Management of users in data systems

TISAX

PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.

CyberFundamentals

PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.

CyberFundamentals

See all related requirements and other information from tasks own page.

Go to >

Authentication of identities and binding to user data

Hallintayhteyksien vahva tunnistaminen julkisessa verkossa

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-04.1: Hallintayhteydet - vahva tunnistaminen julkisessa verkossa

Julkri

See all related requirements and other information from tasks own page.

Go to >

Hallintayhteyksien vahva tunnistaminen julkisessa verkossa

Hallintayhteyksien rajaaminen

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-04.3: Hallintayhteydet - vähimmät oikeudet

Julkri

I-04: TIETOJENKÄSITTELY-YMPÄRISTÖJEN SUOJATTU YHTEENLIITTÄMINEN – HALLINTAYHTEYDET

Katakri 2020

See all related requirements and other information from tasks own page.

Go to >

Hallintayhteyksien rajaaminen

Henkilökohtaiset tunnukset hallintayhteyksien käytössä

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnukset

Julkri

See all related requirements and other information from tasks own page.

Go to >

Henkilökohtaiset tunnukset hallintayhteyksien käytössä

Hallintayhteyksien rajaaminen turvallisuusluokittain

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-04.5: Hallintayhteydet - yhteyksien rajaaminen turvallisuusluokittain

Julkri

I-04: TIETOJENKÄSITTELY-YMPÄRISTÖJEN SUOJATTU YHTEENLIITTÄMINEN – HALLINTAYHTEYDET

Katakri 2020

See all related requirements and other information from tasks own page.

Go to >

Hallintayhteyksien rajaaminen turvallisuusluokittain

Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-07.2: Pääsyoikeuksien hallinnointi - pääsyoikeuksien rajaaminen

Julkri

See all related requirements and other information from tasks own page.

Go to >

Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely

Locking of user IDs for repeated failed authentications

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-08.3: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

Julkri

TEK-08.2: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

Julkri

See all related requirements and other information from tasks own page.

Go to >

Locking of user IDs for repeated failed authentications

Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-07.5: Pääsyoikeuksien hallinnointi - TL III

Julkri

See all related requirements and other information from tasks own page.

Go to >

Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)

Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL III, ST III-II)

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-08.5: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL III

Julkri

I-07: MONITASOINEN SUOJAAMINEN – TIETOJENKÄSITTELY-YMPÄRISTÖN TOIMIJOIDEN TUNNISTAMINEN FYYSISESTI SUOJATUN TURVALLISUUSALUEEN SISÄLLÄ

Katakri 2020

See all related requirements and other information from tasks own page.

Go to >

Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL III, ST III-II)

Separate approval process for high confidentiality access

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

4.2.1: Access Management

TISAX

6.8: Define and Maintain Role-Based Access Control

CIS 18

See all related requirements and other information from tasks own page.

Go to >

Separate approval process for high confidentiality access

Credentials are not transmitted via email

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

9.2.4: Management of secret authentication information of users

ISO 27001

5.17: Authentication information

ISO 27001

See all related requirements and other information from tasks own page.

Go to >

Credentials are not transmitted via email

Preventing outdated authentication methods

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

2.3.7: Change all standard passwords on ICT products before deployment

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Preventing outdated authentication methods

Implementing formal access control processes

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

4.1.2: Security of authentication

TISAX

30 § 3.9° (l'accès): Contrôle d'accès

NIS2 Belgium

2.6.2: Establish a formal process for administration of accounts, access rights and privileges

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Implementing formal access control processes

Centralized record of user's access rights to data systems

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

Članak 30.1.i (Pristup): Politike kontrole pristupa

NIS2 Croatia

9.7 §: Pääsynhallinta, todentaminen ja MFA

Kyberturvallisuuslaki

30 § 3.9° (l'accès): Contrôle d'accès

NIS2 Belgium

2.6.3: Use a centralised tool to manage accounts, access rights and privileges

NSM ICT-SP

14.5.10.b): Prieigos kontrolė

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Centralized record of user's access rights to data systems

Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin

Omavalvontasuunnitelma

6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännöt

Tietoturvasuunnitelma

See all related requirements and other information from tasks own page.

Go to >

Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely

Secure identification of systems with admin-rights

Critical

High

Normal

Low

Access control and authentication

requirements

Examples of other requirements this task affects

TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

Julkri

2.6.4: Minimise privileges for end users and special users

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Secure identification of systems with admin-rights

Use of multi-factor authentication for important data systems

Task description

Use of multi-factor authentication for important data systems

Requirements connected to the task

Other tasks from the same security theme

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Never duplicate effort. Do it once - improve compliance across frameworks.

Stay up-to-date on cyber security

Subscribe for our free, weekly newsletter