Direct links from the subject.
| Property | Value |
|---|---|
| The subject is an instance of a class. | |
| The subject is an instance of a class. | An idea or notion; a unit of thought. |
| A human-readable name for the subject. | PR.AA-05.8: Account usage restrictions for specific time periods and locations shall be taken into account in the organisation's security access policy and applied accordingly. |
| | PR.AA-05.8 |
| | http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p98 |
| Relates a concept to a concept that is more general in meaning. | |
| A general note, for any purpose. | <div><p>The goal of this control is to reduce the risk of unauthorised access by ensuring that account usage is restricted based on time, location, device, and user context. These restrictions should be defined in the organisation's security access policy and applied consistently across ICT and OT environments. To achieve this goal, the organisation should:</p><ul><li>Apply Time-Based Restrictions<ul><li>Access to systems should be limited to defined working hours to reduce exposure during off-hours.</li><li>Usage durations for certain accounts should be capped to prevent excessive or unattended sessions.</li></ul></li><li>Apply Location-Based Restrictions<ul><li>Geofencing should be used to allow access only from trusted geographic locations.</li><li>IP address filtering should restrict access to known and approved network ranges.</li></ul></li><li>Apply Device-Based Restrictions<ul><li>Access should be allowed only from managed devices that comply with the organisation's security policies.</li><li>Unmanaged devices should be restricted or granted limited access (e.g. read-only or no access to sensitive data).</li></ul></li><li>Apply User-Based Restrictions<ul><li>Role-Based Access Control (RBAC) should ensure users only access systems and data relevant to their job.</li><li>Conditional access policies should require additional verification (e.g. Multi-Factor Authentication) in high-risk scenarios.</li><li>Continuous Adaptive Risk and Trust Assessment (CARTA) should be considered to evaluate user and device trust dynamically. This approach aligns with the Zero Trust principle, which assumes no implicit trust for any user or device, even inside the network.</li></ul></li><li>Ensure OT-Specific Feasibility. In OT environments, restrictions should be adapted to operational and safety requirements. Where technical limitations exist, compensating controls such as physical access restrictions or monitored jump servers should be implemented.</li><li>Align with ENISA Guidance. These practices align with ENISA's NIS2 Technical Implementation Guidance, which supports contextual access control as part of effective cybersecurity risk management.</li></ul></div> |
| A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. | PR.AA-05.8 |
| skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. | Time and location based access restrictions |
| A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. | Account usage restrictions for specific time periods and locations shall be taken into account in the organisation's security access policy and applied accordingly. |
| Relates a resource (for example a concept) to a concept scheme in which it is included. | |
| Relates a resource (for example a concept) to a concept scheme in which it is included. | http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
| Relates a resource (for example a concept) to a concept scheme in which it is included. | |
| The number of triples associated with the subject. | 17 |
| Specifies the dataset the subject is part of. | |
Results 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
| Relates a concept to a concept that is more specific in meaning. | |

Results 1 - 1 of 1