Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AA-01.2: Identities and credentials for authorised users, services and hardware shall be managed through automated mechanisms whenever feasible. |
|
PR.AA-01.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p84 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p62 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of credential misuse and unauthorised access by automating identity and credential management processes, ensuring consistency, scalability, and security across IT and OT environments. To achieve this goal, the organisation should: - Automate Credential Management Automated systems should be used to issue, verify, revoke, and audit credentials for users, services, and hardware. This reduces manual errors and improves operational efficiency. - Implement Strong Authentication Mechanisms In alignment with control PR.AA-03.2, MFA shall be required for all remote access to the organisation’s networks. Multifactor authentication (MFA) should use at least two independent factors: - Knowledge (e.g. password or PIN) - Possession (e.g. token or smartphone) - Inherence (e.g. fingerprint or facial recognition) These factors should be independent to ensure that compromise of one does not affect the others. - Use Cryptographic and Token-Based Solutions Digital certificates and identity tokens should be used to authenticate users, devices, and services, especially in OT environments where manual credential handling may be impractical. - Ensure OT-Specific Integration Identityandaccessmanagementsolutionsshouldsupport OTsystems,including legacydevicesandvendor- managed components, with minimal disruption to operations. Where individual user accounts are not feasible (e.g. shared access to PLCs or HMIs), access should be routed through secure jump servers with logging and additional authentication layers. Remote access to OT systems should use secure protocols (e.g. VPN, SSH, TLS), be time-limited (Just-In-Time), and be fully monitored. |
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of credential misuse and unauthorised access by automating identity and credential management processes, ensuring consistency, scalability, and security across IT and OT environments. To achieve this goal, the organisation should: • Automate Credential Management Automated systems should be used to issue, verify, revoke, and audit credentials for users, services, and hardware. This reduces manual errors and improves operational efficiency. • Implement Strong Authentication Mechanisms In alignment with control PR.AA-03.2, MFA shall be required for all remote access to the organisation’s networks. Multifactor authentication (MFA) should use at least two independent factors: o Knowledge (e.g. password or PIN) o Possession (e.g. token or smartphone) o Inherence (e.g. fingerprint or facial recognition) These factors should be independent to ensure that compromise of one does not affect the others. • Use Cryptographic and Token-Based Solutions Digital certificates and identity tokens should be used to authenticate users, devices, and services, especially in OT environments where manual credential handling may be impractical. • Ensure OT-Specific Integration Identityandaccessmanagementsolutionsshouldsupport OTsystems,including legacydevicesandvendor- managed components, with minimal disruption to operations. Where individual user accounts are not feasible (e.g. shared access to PLCs or HMIs), access should be routed through secure jump servers with logging and additional authentication layers. Remote access to OT systems should use secure protocols (e.g. VPN, SSH, TLS), be time-limited (Just-In-Time), and be fully monitored. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to reduce the risk of credential misuse and unauthorised access by automating identity and credential management processes, ensuring consistency, scalability, and security across IT and OT environments. To achieve this goal, the organisation should:</p><ul><li>Automate Credential Management Automated systems should be used to issue, verify, revoke, and audit credentials for users, services, and hardware. This reduces manual errors and improves operational efficiency.</li><li>Implement Strong Authentication Mechanisms In alignment with control PR.AA-03.2, MFA shall be required for all remote access to the organisation’s networks. Multifactor authentication (MFA) should use at least two independent factors:<ul><li>Knowledge (e.g. password or PIN)</li><li>Possession (e.g. token or smartphone)</li><li>Inherence (e.g. fingerprint or facial recognition) These factors should be independent to ensure that compromise of one does not affect the others.</li></ul></li><li>Use Cryptographic and Token-Based Solutions Digital certificates and identity tokens should be used to authenticate users, devices, and services, especially in OT environments where manual credential handling may be impractical.</li><li>Ensure OT-Specific Integration Identityandaccessmanagementsolutionsshouldsupport OTsystems,including legacydevicesandvendor- managed components, with minimal disruption to operations. Where individual user accounts are not feasible (e.g. shared access to PLCs or HMIs), access should be routed through secure jump servers with logging and additional authentication layers. Remote access to OT systems should use secure protocols (e.g. VPN, SSH, TLS), be time-limited (Just-In-Time), and be fully monitored.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of credential misuse and unauthorised access by automating identity and credential management processes, ensuring consistency, scalability, and security across IT and OT environments. To achieve this goal, the organisation should: - Automate Credential Management Automated systems should be used to issue, verify, revoke, and audit credentials for users, services, and hardware. This reduces manual errors and improves operational efficiency. - Implement Strong Authentication Mechanisms In alignment with control PR.AA-03.2, MFA shall be required for all remote access to the organisation’s networks. Multifactor authentication (MFA) should use at least two independent factors: - Knowledge (e.g. password or PIN) - Possession (e.g. token or smartphone) - Inherence (e.g. fingerprint or facial recognition) These factors should be independent to ensure that compromise of one does not affect the others. - Use Cryptographic and Token-Based Solutions Digital certificates and identity tokens should be used to authenticate users, devices, and services, especially in OT environments where manual credential handling may be impractical. - Ensure OT-Specific Integration Identityandaccessmanagementsolutionsshouldsupport OTsystems,including legacydevicesandvendor- managed components, with minimal disruption to operations. Where individual user accounts are not feasible (e.g. shared access to PLCs or HMIs), access should be routed through secure jump servers with logging and additional authentication layers. Remote access to OT systems should use secure protocols (e.g. VPN, SSH, TLS), be time-limited (Just-In-Time), and be fully monitored. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AA-01.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Automated identity and credential management |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Identities and credentials for authorised users, services and hardware shall be managed through automated mechanisms whenever feasible. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1