|
ID: IDENTIFY
|
http://cyfun.data.gift/data/function_ID
|
22 |
|
ID: IDENTIFY
|
http://cyfun.data.gift/data/nist_function_ID
|
5 |
|
PR.AA-01.1: Identities and credentials for authorised users, services, and hardware shall be managed.
|
http://cyfun.data.gift/data/requirement_PR_AA_01_1
|
23 |
|
PR.AA-01.2: Identities and credentials for authorised users, services and hardware shall be managed through automated mechanisms whenever feasible.
|
http://cyfun.data.gift/data/requirement_PR_AA_01_2
|
19 |
|
PR.AA-01.3: System credentials shall be deactivated after a specified period of inactivity unless it would compromise the safe operation of (critical) processes.
|
http://cyfun.data.gift/data/requirement_PR_AA_01_3
|
17 |
|
PR.AA-01.4: For transactions within the organisation's critical systems, the organisation shall implement Multi Factor Authentication (MFA), cryptographic certificates, identity tokens, cryptographic keys and other credentials as appropriate and where feasible.
|
http://cyfun.data.gift/data/requirement_PR_AA_01_4
|
17 |
|
PR.AA-01.5: The organisation’s critical systems shall be monitored for atypical use of system credentials. Credentials associated with significant risk shall be disabled.
|
http://cyfun.data.gift/data/requirement_PR_AA_01_5
|
17 |
|
PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization
|
http://cyfun.data.gift/data/nist_subcategory_PR_AA_01
|
5 |
|
PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization
|
http://cyfun.data.gift/data/subcategory_PR.AA-01
|
25 |
|
PR.AA-02.1: The organisation shall implement documented procedures for verifying the identity of individuals before issuing credentials that provide access to the organisation's systems.
|
http://cyfun.data.gift/data/requirement_PR_AA_02_1
|
19 |
|
PR.AA-02.2: The organisation shall ensure that unique credentials are used for each authenti- cated user, device, and process interacting with the organisation's critical systems. These credentials shall be verified, and the unique identifiers shall be captured during system interactions. Exceptions may be made for emergency access ("break- glass" procedures), provided such access is strictly controlled, logged, and reviewed.
|
http://cyfun.data.gift/data/requirement_PR_AA_02_2
|
17 |
|
PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions
|
http://cyfun.data.gift/data/nist_subcategory_PR_AA_02
|
5 |