C2M2: MIL1
ACCESS-1: Establish Identities and Manage Authentication

How to fill the requirement

Authentication of identities and binding to user data
Theme: System management
Policy: Access control and authentication
Other requirements: 9 requirements

This task also fulfills these other security requirements:

PR.AC-6: Proof of identity (NIST)
ACCESS-1: Establish Identities and Manage Authentication (C2M2: MIL1)
4.1.3: Management of users in data systems (TISAX)
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions. (CyFun)
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions. (CyFun)
1. Task description

The organization verifies the identity of users and associates each identity with user information. Both the identity and this association should also be confirmed before any interaction.

Identity verification must be performed according to pre-written and approved rules.

Descriptions of different access rights management processes
Theme: System management
Policy: Access control and authentication
Other requirements: 8 requirements

This task also fulfills these other security requirements:

ACCESS-1: Establish Identities and Manage Authentication (C2M2: MIL1)
I-06: Principle of least privilege – access rights management (Katakri 2020)
4.5: Management of access rights (TiHL: Information security)
4.2.1: Access Management (TISAX)
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes. (CyFun)
1. Task description

The organisation must manage all of its users and their privileges. This includes all third-party users who have access to the organisation's data or systems.

The organisation must remove users entirely, or remove privileges from them, when they are no longer needed, e.g. when an employee's role changes.

Avoiding and documenting shared user accounts
Theme: System management
Policy: Access control and authentication
Other requirements: 11 requirements

This task also fulfills these other security requirements:

I07: Identification of actors in the data processing environment (Katakri)
32. Security of processing (GDPR)
9.2.4: Management of secret authentication information of users (ISO27 Full)
TEK-08: Identification of actors in the data processing environment (Julkri)
5.16: Identity management (ISO27k1 Full)
1. Task description

Shared accounts should only be allowed if they are necessary for business or operational reasons and should be separately approved and documented.

If shared accounts are used for admin purposes, passwords must be changed as soon as possible after any user with admin rights leaves their job.
