Requirement

Access control and authentication

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Fulfill this requirement by completing the tasks below ->
Access control and authentication
This requirement is part of the framework:  

Other requirements of the framework

No items found.
0
Access control and authentication
No items found.
System management
Best practices
How to implement:
Access control and authentication
This policy on
Access control and authentication
provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.
Read below what concrete actions you can take to improve this ->
System management
Access control and authentication
Frameworks that include requirements for this topic:
Lov om digital sikkerhet (Norge)
Sikkerhetsloven (Norge)
Cybersikkerhedsloven (Danmark)
CER Directive
Avviż Legali 71 tal-2025 (Malta)
Закон за прилагане на NIS2 (България)

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Access control and authentication
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Management of identification and access methods
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Management of identification and access methods

This task helps you comply with the following requirements

4.1.1: Management of access methodsTISAX
Use of multi-factor authentication for important data systems
Critical
High
Normal
Low
51
requirements
System management
Access control and authentication

Use of multi-factor authentication for important data systems

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnostiNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
4.1.2: Security of authenticationTISAX
30 § 3.10°: D'authentification à plusieurs facteursNIS2 Belgium
2.6.7: Use multifactor authenticationNSM ICT-SP
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.CyberFundamentals
PR.AC-3: Remote access is managed.CyberFundamentals
14.5.11): Daugiafaktorinis autentifikavimas (MFA)NIS2 Lithuania
Defining and documenting accepted authentication methods
Critical
High
Normal
Low
71
requirements
System management
Access control and authentication

Defining and documenting accepted authentication methods

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnostiNIS2 Croatia
4.5: Käyttöoikeuksien hallintaTiHL tietoturvavaatimukset
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
4.1.2: Security of authenticationTISAX
30 § 3.10°: D'authentification à plusieurs facteursNIS2 Belgium
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.CyberFundamentals
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.CyberFundamentals
14.5.10.b): Prieigos kontrolėNIS2 Lithuania
Use and evaluation of password management system
Critical
High
Normal
Low
46
requirements
System management
Access control and authentication

Use and evaluation of password management system

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnostiNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
14.5.10.b): Prieigos kontrolėNIS2 Lithuania
14.5.11): Daugiafaktorinis autentifikavimas (MFA)NIS2 Lithuania
5.2: Use Unique PasswordsCIS 18
27.(g): Piekļuves kontrole un daudzfaktoru autentifikācija (MFA)NIS2 Latvia
Art. 24.2.i.2 (Controllo degli accessi): Sicurezza e affidabilita' del personale, politiche di controllo dell'accesso e gestione dei beni e degli assettiNIS2 Italy
Regular reviewing of data system access rights
Critical
High
Normal
Low
32
requirements
System management
Access control and authentication

Regular reviewing of data system access rights

This task helps you comply with the following requirements

I06: Pääsyoikeuksien hallinnointiKatakri
16 §: Tietojärjestelmien käyttöoikeuksien hallintaTiHL
24. Responsibility of the controllerGDPR
32. Security of processingGDPR
5. Principles relating to processing of personal dataGDPR
9.2.5: Review of user access rightsISO 27001
6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiinOmavalvontasuunnitelma
SEC-01: Unnecessary user accountsCyber Essentials
HAL-14: Käyttö- ja käsittelyoikeudetJulkri
TEK-07: Pääsyoikeuksien hallinnointiJulkri
Creating and maintaining an access control policy
Critical
High
Normal
Low
11
requirements
System management
Access control and authentication

Creating and maintaining an access control policy

This task helps you comply with the following requirements

14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politikaNIS2 Lithuania
40: Käyttövaltuuspolitiikka ja prosessiDigiturvan kokonaiskuvapalvelu
2.6.2: Establish a formal process for administration of accounts, access rights and privilegesNSM ICT-SP
2.6.1: Create guidelines for access controlNSM ICT-SP
6.8: Define and Maintain Role-Based Access ControlCIS 18
Article 32: Physical and environmental securityDORA simplified RMF
Article 33: Access ControlDORA simplified RMF
Regular reviews of the account administration policy
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Regular reviews of the account administration policy

This task helps you comply with the following requirements

No items found.
Periodic review of access rights
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Periodic review of access rights

This task helps you comply with the following requirements

No items found.
Assigning roles related to access management and managing privileged access
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Assigning roles related to access management and managing privileged access

This task helps you comply with the following requirements

No items found.
Identity management policy
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Identity management policy

This task helps you comply with the following requirements

No items found.
Account management
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Account management

This task helps you comply with the following requirements

No items found.
Access to electronic protected health information
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Access to electronic protected health information

This task helps you comply with the following requirements

No items found.
Control of physical and logical access
Critical
High
Normal
Low
4
requirements
System management
Access control and authentication

Control of physical and logical access

This task helps you comply with the following requirements

Article 33: Access ControlDORA simplified RMF
Establishing and maintaining an inventory of the enterprise’s authentication systems
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Establishing and maintaining an inventory of the enterprise’s authentication systems

This task helps you comply with the following requirements

6.6: Establish and Maintain an Inventory of Authentication and Authorization SystemsCIS 18
Enforcing MFA for administrative access
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Enforcing MFA for administrative access

This task helps you comply with the following requirements

6.5: Require MFA for Administrative AccessCIS 18
Enforcing MFA for external applications
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Enforcing MFA for external applications

This task helps you comply with the following requirements

6.3: Require MFA for Externally-Exposed ApplicationsCIS 18
Using behavior-based anti-malware software
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Using behavior-based anti-malware software

This task helps you comply with the following requirements

10.7: Use Behavior-Based Anti-Malware SoftwareCIS 18
Deploying and maintaining anti-malware protections of email server
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Deploying and maintaining anti-malware protections of email server

This task helps you comply with the following requirements

9.7: Deploy and Maintain Email Server Anti-Malware ProtectionsCIS 18
Using of DNS filtering services
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Using of DNS filtering services

This task helps you comply with the following requirements

9.2: Use DNS Filtering ServicesCIS 18
Centralizing access control
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Centralizing access control

This task helps you comply with the following requirements

6.7: Centralize Access ControlCIS 18
Requiring MFA for remote network access
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Requiring MFA for remote network access

This task helps you comply with the following requirements

6.4: Require MFA for Remote Network AccessCIS 18
Using unique passwords
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Using unique passwords

This task helps you comply with the following requirements

5.2: Use Unique PasswordsCIS 18
Process for establishing and maintaining an inventory of accounts
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Process for establishing and maintaining an inventory of accounts

This task helps you comply with the following requirements

5.1: Establish and Maintain an Inventory of AccountsCIS 18
Enforcing an automatic device lockout on portable end-user devices
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Enforcing an automatic device lockout on portable end-user devices

This task helps you comply with the following requirements

4.10: Enforce Automatic Device Lockout on Portable End-User DevicesCIS 18
Disabling default accounts
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Disabling default accounts

This task helps you comply with the following requirements

4.7: Manage Default Accounts on Enterprise Assets and SoftwareCIS 18
Zero trust architecture in authentication
Critical
High
Normal
Low
4
requirements
System management
Access control and authentication

Zero trust architecture in authentication

This task helps you comply with the following requirements

PR.AA-03: Authentication before accessNIST 2.0
19.2.i (ġestjoni tar-riskju): Ġestjoni tar-riskju minn ġewwaNIS2 Malta
3.1.8: Säkrade lösningar för kommunikationNIS2 Sweden
Protecting credentials and identity assertions
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Protecting credentials and identity assertions

This task helps you comply with the following requirements

PR.AA-04: Identity assertionsNIST 2.0
Document the identity life cycle management processes
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Document the identity life cycle management processes

This task helps you comply with the following requirements

2.6.2: Establish a formal process for administration of accounts, access rights and privilegesNSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privilegesNSM ICT-SP
Using trust-based access control
Critical
High
Normal
Low
3
requirements
System management
Access control and authentication

Using trust-based access control

This task helps you comply with the following requirements

2.5.2: Restrict access to internal services from external locationsNSM ICT-SP
2.2.6: Control access to services based on knowledge of users and devicesNSM ICT-SP
Article 35: Data, system and network securityDORA simplified RMF
Reusing identities across systems, sub-systems and applications
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Reusing identities across systems, sub-systems and applications

This task helps you comply with the following requirements

2.6.1: Create guidelines for access controlNSM ICT-SP
Use a centralised tool to check password quality
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Use a centralised tool to check password quality

This task helps you comply with the following requirements

2.6.3: Use a centralised tool to manage accounts, access rights and privilegesNSM ICT-SP
Certificate based authentication for system-to-system communication
Critical
High
Normal
Low
3
requirements
System management
Access control and authentication

Certificate based authentication for system-to-system communication

This task helps you comply with the following requirements

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
3.1.8: Säkrade lösningar för kommunikationNIS2 Sweden
Need to know -principle in access management
Critical
High
Normal
Low
19
requirements
System management
Access control and authentication

Need to know -principle in access management

This task helps you comply with the following requirements

I06: Pääsyoikeuksien hallinnointiKatakri
9.1.1: Access control policyISO 27001
PR.AC-4: Access permissions and authorizationsNIST
HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminenJulkri
HAL-14: Käyttö- ja käsittelyoikeudetJulkri
TEK-04.1: Hallintayhteydet - vahva tunnistaminen julkisessa verkossaJulkri
TEK-07.1: Pääsyoikeuksien hallinnointi - pääsyoikeuksien myöntäminenJulkri
TEK-07.2: Pääsyoikeuksien hallinnointi - pääsyoikeuksien rajaaminenJulkri
5.15: Access controlISO 27001
41: Käyttövaltuuksien ajantasaisuusDigiturvan kokonaiskuvapalvelu
Analyzing authentication processes of critical systems
Critical
High
Normal
Low
30
requirements
System management
Access control and authentication

Analyzing authentication processes of critical systems

This task helps you comply with the following requirements

9.4.2: Secure log-on proceduresISO 27001
9.4: System and application access controlISO 27017
9.4.2: Secure log-on proceduresISO 27017
9.4.2: Secure log-on proceduresISO 27018
9.4.4: Use of privileged utility programsISO 27017
9.4: System and application access controlISO 27018
PR.AC-7: User, device, and other asset authenticationNIST
14.5.11): Daugiafaktorinis autentifikavimas (MFA)NIS2 Lithuania
8.5: Secure authenticationISO 27001
CC6.1c: Technical security for protected information assetsSOC 2
Managing shared user credential through password management system
Critical
High
Normal
Low
5
requirements
System management
Access control and authentication

Managing shared user credential through password management system

This task helps you comply with the following requirements

9.4.3: Password management systemISO 27001
9.2.4: Management of secret authentication information of usersISO 27001
5.17: Authentication informationISO 27001
2.6.5: Minimise privileges for management accountsNSM ICT-SP
2.6.1: Create guidelines for access controlNSM ICT-SP
Avoiding and documenting shared user accounts
Critical
High
Normal
Low
12
requirements
System management
Access control and authentication

Avoiding and documenting shared user accounts

This task helps you comply with the following requirements

I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminenKatakri
32. Security of processingGDPR
9.2.4: Management of secret authentication information of usersISO 27001
TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminenJulkri
5.16: Identity managementISO 27001
ACCESS-1: Establish Identities and Manage AuthenticationC2M2
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännötTietoturvasuunnitelma
I-07: MONITASOINEN SUOJAAMINEN – TIETOJENKÄSITTELY-YMPÄRISTÖN TOIMIJOIDEN TUNNISTAMINEN FYYSISESTI SUOJATUN TURVALLISUUSALUEEN SISÄLLÄKatakri 2020
4.1.3: Management of users in data systemsTISAX
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
Using multi-factor authentication for admins
Critical
High
Normal
Low
36
requirements
System management
Access control and authentication

Using multi-factor authentication for admins

This task helps you comply with the following requirements

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnostiNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
4.1.2: Security of authenticationTISAX
30 § 3.10°: D'authentification à plusieurs facteursNIS2 Belgium
2.6.7: Use multifactor authenticationNSM ICT-SP
14.5.11): Daugiafaktorinis autentifikavimas (MFA)NIS2 Lithuania
Article 9b: PreventionDORA
PR.AC-7: User, device, and other asset authenticationNIST
4.7: Manage Default Accounts on Enterprise Assets and SoftwareCIS 18
5.2: Use Unique PasswordsCIS 18
Use of dedicated admin accounts in critical data systems
Critical
High
Normal
Low
36
requirements
System management
Access control and authentication

Use of dedicated admin accounts in critical data systems

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
4.2.1: Access ManagementTISAX
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
2.6.4: Minimise privileges for end users and special usersNSM ICT-SP
2.6.5: Minimise privileges for management accountsNSM ICT-SP
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.CyberFundamentals
14.5.10.b): Prieigos kontrolėNIS2 Lithuania
PR.AA-05: Principles of least privilege and separation of dutiesNIST 2.0
5.4: Restrict Administrator Privileges to Dedicated Administrator AccountsCIS 18
Enabling multi-factor authentication for all users
Critical
High
Normal
Low
32
requirements
System management
Access control and authentication

Enabling multi-factor authentication for all users

This task helps you comply with the following requirements

Članak 30.1.j: Korištenje višefaktorske provjere autentičnosti ili rješenja kontinuirane provjere autentičnostiNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
30 § 3.10°: D'authentification à plusieurs facteursNIS2 Belgium
2.6.7: Use multifactor authenticationNSM ICT-SP
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.CyberFundamentals
14.5.11): Daugiafaktorinis autentifikavimas (MFA)NIS2 Lithuania
Article 9b: PreventionDORA
PR.AC-7: User, device, and other asset authenticationNIST
PR.AA-03: Authentication before accessNIST 2.0
5.2: Use Unique PasswordsCIS 18
Defining and documenting access roles
Critical
High
Normal
Low
72
requirements
System management
Access control and authentication

Defining and documenting access roles

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
4.5: Käyttöoikeuksien hallintaTiHL tietoturvavaatimukset
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
4.2.1: Access ManagementTISAX
4.1.2: Security of authenticationTISAX
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
1.3.1: Identify the users of the information systemsNSM ICT-SP
1.3.2: Identify and define the different user categoriesNSM ICT-SP
2.2.6: Control access to services based on knowledge of users and devicesNSM ICT-SP
2.6.1: Create guidelines for access controlNSM ICT-SP
Rules and formal management process for admin rights
Critical
High
Normal
Low
36
requirements
System management
Access control and authentication

Rules and formal management process for admin rights

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
2.6.2: Establish a formal process for administration of accounts, access rights and privilegesNSM ICT-SP
2.6.4: Minimise privileges for end users and special usersNSM ICT-SP
2.6.5: Minimise privileges for management accountsNSM ICT-SP
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.CyberFundamentals
14.5.10.b): Prieigos kontrolėNIS2 Lithuania
14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politikaNIS2 Lithuania
4.7: Manage Default Accounts on Enterprise Assets and SoftwareCIS 18
Instructions for reporting changes affecting access rights
Critical
High
Normal
Low
28
requirements
System management
Access control and authentication

Instructions for reporting changes affecting access rights

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
4.1.1: Management of access methodsTISAX
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
14.5.10.b): Prieigos kontrolėNIS2 Lithuania
PR.AC-1: Identity and credential managementNIST
27.(g): Piekļuves kontrole un daudzfaktoru autentifikācija (MFA)NIS2 Latvia
Art. 24.2.i.2 (Controllo degli accessi): Sicurezza e affidabilita' del personale, politiche di controllo dell'accesso e gestione dei beni e degli assettiNIS2 Italy
TEK-07.3: Pääsyoikeuksien hallinnointi - pääsyoikeuksien ajantasaisuusJulkri
21.2.i (access): Access controlNIS2
Roolipohjaisista käyttöoikeuksista poikkeamien käsittely
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Roolipohjaisista käyttöoikeuksista poikkeamien käsittely

This task helps you comply with the following requirements

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiinOmavalvontasuunnitelma
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännötTietoturvasuunnitelma
Approval process that includes the customer for high-risk administrator rights
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Approval process that includes the customer for high-risk administrator rights

This task helps you comply with the following requirements

No items found.
Using unique user names
Critical
High
Normal
Low
10
requirements
System management
Access control and authentication

Using unique user names

This task helps you comply with the following requirements

UAC-02: User authenticationCyber Essentials
A.11.8: Unique use of user IDsISO 27018
PR.AC-6: Proof of identityNIST
TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnuksetJulkri
TEK-08.1: Tietojenkäsittely-ympäristön toimijoiden tunnistaminenJulkri
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.CyberFundamentals
2.6.5: Minimise privileges for management accountsNSM ICT-SP
2.6.1: Create guidelines for access controlNSM ICT-SP
PR.AA-02: Binding identities to credentials based on interaction contextNIST 2.0
Minimizing and monitoring log data access
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Minimizing and monitoring log data access

This task helps you comply with the following requirements

3.14: Log Sensitive Data AccessCIS 18
Changing default passwords
Critical
High
Normal
Low
4
requirements
System management
Access control and authentication

Changing default passwords

This task helps you comply with the following requirements

SEC-02: Changing default passwordsCyber Essentials
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
2.3.7: Change all standard passwords on ICT products before deploymentNSM ICT-SP
Reviewing password practices on password protected systems
Critical
High
Normal
Low
7
requirements
System management
Access control and authentication

Reviewing password practices on password protected systems

This task helps you comply with the following requirements

SEC-06: Reviewing password practices on password protected systemsCyber Essentials
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
2.6.7: Use multifactor authenticationNSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privilegesNSM ICT-SP
5.2: Use Unique PasswordsCIS 18
4.10: Enforce Automatic Device Lockout on Portable End-User DevicesCIS 18
Descriptions of different access rights management processes
Critical
High
Normal
Low
11
requirements
System management
Access control and authentication

Descriptions of different access rights management processes

This task helps you comply with the following requirements

14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politikaNIS2 Lithuania
ACCESS-1: Establish Identities and Manage AuthenticationC2M2
I-06: VÄHIMPIEN OIKEUKSIEN PERIAATE – PÄÄSYOIKEUKSIEN HALLINNOINTIKatakri 2020
4.5: Käyttöoikeuksien hallintaTiHL tietoturvavaatimukset
4.2.1: Access ManagementTISAX
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
1.3.1: Identify the users of the information systemsNSM ICT-SP
2.6.2: Establish a formal process for administration of accounts, access rights and privilegesNSM ICT-SP
2.2.6: Control access to services based on knowledge of users and devicesNSM ICT-SP
6.8: Define and Maintain Role-Based Access ControlCIS 18
Total record of authorized users for offered cloud services
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Total record of authorized users for offered cloud services

This task helps you comply with the following requirements

A.11.9: Records of authorized usersISO 27018
Secure management of de-activated or expired user IDs
Critical
High
Normal
Low
5
requirements
System management
Access control and authentication

Secure management of de-activated or expired user IDs

This task helps you comply with the following requirements

A.11.10: User ID managementISO 27018
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes.CyberFundamentals
2.6.2: Establish a formal process for administration of accounts, access rights and privilegesNSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privilegesNSM ICT-SP
PR.AA-01: Management of identities and credentialsNIST 2.0
Features and instructions for user registration and de-registration in offered cloud services
Critical
High
Normal
Low
6
requirements
System management
Access control and authentication

Features and instructions for user registration and de-registration in offered cloud services

This task helps you comply with the following requirements

9.2.1: User registration and de-registrationISO 27017
9.2: User access managementISO 27018
9.2.1: User registration and de-registrationISO 27018
PR.AC-1: Identity and credential managementNIST
PR.AC-6: Proof of identityNIST
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.CyberFundamentals
Features and instructions for access management in offered cloud services
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Features and instructions for access management in offered cloud services

This task helps you comply with the following requirements

9.2.2: User access provisioningISO 27017
PR.AC-1: Identity and credential managementNIST
Limitation of privileged utility programs
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Limitation of privileged utility programs

This task helps you comply with the following requirements

9.4.4: Use of privileged utility programsISO 27001
8.18: Use of privileged utility programsISO 27001
Limitation of privileged of utility programs in relation to offered cloud services
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Limitation of privileged of utility programs in relation to offered cloud services

This task helps you comply with the following requirements

9.4.4: Use of privileged utility programsISO 27017
Access rights are managed by the principle of the least privilege
Critical
High
Normal
Low
15
requirements
System management
Access control and authentication

Access rights are managed by the principle of the least privilege

This task helps you comply with the following requirements

PR.AC-4: Access permissions and authorizationsNIST
I-06: VÄHIMPIEN OIKEUKSIEN PERIAATE – PÄÄSYOIKEUKSIEN HALLINNOINTIKatakri 2020
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.CyberFundamentals
2.6.4: Minimise privileges for end users and special usersNSM ICT-SP
2.6.5: Minimise privileges for management accountsNSM ICT-SP
2.6.1: Create guidelines for access controlNSM ICT-SP
PR.AA-05: Principles of least privilege and separation of dutiesNIST 2.0
6.8: Define and Maintain Role-Based Access ControlCIS 18
§ 10.c: Nettverkssegmentering og privilegierNIS2 NO
§ 12: Sikkerhetstiltak for personellNIS2 NO
Authentication of identities and binding to user data
Critical
High
Normal
Low
12
requirements
System management
Access control and authentication

Authentication of identities and binding to user data

This task helps you comply with the following requirements

PR.AC-6: Proof of identityNIST
ACCESS-1: Establish Identities and Manage AuthenticationC2M2
4.1.3: Management of users in data systemsTISAX
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.CyberFundamentals
PR.AC-7: Identities are proofed, bound to credentials and asserted in interactions.CyberFundamentals
1.3.1: Identify the users of the information systemsNSM ICT-SP
PR.AA-01: Management of identities and credentialsNIST 2.0
PR.AA-02: Binding identities to credentials based on interaction contextNIST 2.0
PR.AA-04: Identity assertionsNIST 2.0
Article 33: Access ControlDORA simplified RMF
Hallintayhteyksien vahva tunnistaminen julkisessa verkossa
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Hallintayhteyksien vahva tunnistaminen julkisessa verkossa

This task helps you comply with the following requirements

TEK-04.1: Hallintayhteydet - vahva tunnistaminen julkisessa verkossaJulkri
Hallintayhteyksien rajaaminen
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Hallintayhteyksien rajaaminen

This task helps you comply with the following requirements

TEK-04.3: Hallintayhteydet - vähimmät oikeudetJulkri
I-04: TIETOJENKÄSITTELY-YMPÄRISTÖJEN SUOJATTU YHTEENLIITTÄMINEN – HALLINTAYHTEYDETKatakri 2020
Henkilökohtaiset tunnukset hallintayhteyksien käytössä
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Henkilökohtaiset tunnukset hallintayhteyksien käytössä

This task helps you comply with the following requirements

TEK-04.4: Hallintayhteydet - henkilökohtaiset tunnuksetJulkri
Hallintayhteyksien rajaaminen turvallisuusluokittain
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Hallintayhteyksien rajaaminen turvallisuusluokittain

This task helps you comply with the following requirements

TEK-04.5: Hallintayhteydet - yhteyksien rajaaminen turvallisuusluokittainJulkri
I-04: TIETOJENKÄSITTELY-YMPÄRISTÖJEN SUOJATTU YHTEENLIITTÄMINEN – HALLINTAYHTEYDETKatakri 2020
Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Tietojärjestelmien turvallisuusluokiteltujen tietojen erittely

This task helps you comply with the following requirements

TEK-07.2: Pääsyoikeuksien hallinnointi - pääsyoikeuksien rajaaminenJulkri
Locking of user IDs for repeated failed authentications
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Locking of user IDs for repeated failed authentications

This task helps you comply with the following requirements

TEK-08.3: Tietojenkäsittely-ympäristön toimijoiden tunnistaminenJulkri
TEK-08.2: Tietojenkäsittely-ympäristön toimijoiden tunnistaminenJulkri
Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Tietojärjestelmien tärkeimpien ylläpitotehtävien valvonta ja eriyttäminen (TL III)

This task helps you comply with the following requirements

TEK-07.5: Pääsyoikeuksien hallinnointi - TL IIIJulkri
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL III, ST III-II)
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL III, ST III-II)

This task helps you comply with the following requirements

TEK-08.5: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL IIIJulkri
I-07: MONITASOINEN SUOJAAMINEN – TIETOJENKÄSITTELY-YMPÄRISTÖN TOIMIJOIDEN TUNNISTAMINEN FYYSISESTI SUOJATUN TURVALLISUUSALUEEN SISÄLLÄKatakri 2020
Separate approval process for high confidentiality access
Critical
High
Normal
Low
3
requirements
System management
Access control and authentication

Separate approval process for high confidentiality access

This task helps you comply with the following requirements

4.2.1: Access ManagementTISAX
6.8: Define and Maintain Role-Based Access ControlCIS 18
Credentials are not transmitted via email
Critical
High
Normal
Low
3
requirements
System management
Access control and authentication

Credentials are not transmitted via email

This task helps you comply with the following requirements

9.2.4: Management of secret authentication information of usersISO 27001
5.17: Authentication informationISO 27001
Preventing outdated authentication methods
Critical
High
Normal
Low
1
requirements
System management
Access control and authentication

Preventing outdated authentication methods

This task helps you comply with the following requirements

2.3.7: Change all standard passwords on ICT products before deploymentNSM ICT-SP
Implementing formal access control processes
Critical
High
Normal
Low
40
requirements
System management
Access control and authentication

Implementing formal access control processes

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
4.1.2: Security of authenticationTISAX
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
2.6.2: Establish a formal process for administration of accounts, access rights and privilegesNSM ICT-SP
2.2.6: Control access to services based on knowledge of users and devicesNSM ICT-SP
2.6.3: Use a centralised tool to manage accounts, access rights and privilegesNSM ICT-SP
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties.CyberFundamentals
14.5.10.b): Prieigos kontrolėNIS2 Lithuania
6.1: Establish an Access Granting ProcessCIS 18
Centralized record of user's access rights to data systems
Critical
High
Normal
Low
29
requirements
System management
Access control and authentication

Centralized record of user's access rights to data systems

This task helps you comply with the following requirements

Članak 30.1.i (Pristup): Politike kontrole pristupaNIS2 Croatia
9.7 §: Pääsynhallinta, todentaminen ja MFAKyberturvallisuuslaki
30 § 3.9° (l'accès): Contrôle d'accèsNIS2 Belgium
2.6.3: Use a centralised tool to manage accounts, access rights and privilegesNSM ICT-SP
14.5.10.b): Prieigos kontrolėNIS2 Lithuania
14.5.12): Kibernetinio saugumo prieigos ir duomenų teisių politikaNIS2 Lithuania
5.1: Establish and Maintain an Inventory of AccountsCIS 18
5.6: Centralize Account ManagementCIS 18
27.(g): Piekļuves kontrole un daudzfaktoru autentifikācija (MFA)NIS2 Latvia
Art. 24.2.i.2 (Controllo degli accessi): Sicurezza e affidabilita' del personale, politiche di controllo dell'accesso e gestione dei beni e degli assettiNIS2 Italy
Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely
Critical
High
Normal
Low
2
requirements
System management
Access control and authentication

Käyttöoikeuspyyntöjä hyväksyvien henkilöiden ja roolien määrittely

This task helps you comply with the following requirements

6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiinOmavalvontasuunnitelma
6.7: Käyttövaltuuksien hallinnan ja tunnistautumisen käytännötTietoturvasuunnitelma
Secure identification of systems with admin-rights
Critical
High
Normal
Low
3
requirements
System management
Access control and authentication

Secure identification of systems with admin-rights

This task helps you comply with the following requirements

TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminenJulkri
2.6.4: Minimise privileges for end users and special usersNSM ICT-SP
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Access control and authentication
of the framework  
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security