|
PR.AA-05.2: It shall be determined who needs access to the organisation's business-critical information and technology and the means to gain access.
|
http://cyfun.data.gift/data/requirement_PR_AA_05_2
|
23 |
|
PR.AA-05.3: Access rights, privileges and authorisations shall be restricted to the systems and specific information needed to perform the tasks (the principle of Least Privilege).
|
http://cyfun.data.gift/data/requirement_PR_AA_05_3
|
23 |
|
PR.AA-05.4: No one shall have administrative privileges for routine day-to-day tasks.
|
http://cyfun.data.gift/data/requirement_PR_AA_05_4
|
23 |
|
PR.AA-05.5: Where technically, operationally, and economically feasible — without compromising system integrity, safety, or compliance — automated mechanisms shall be implemented to manage user accounts on critical ICT and OT systems. Feasibility shall be determined based on system capabilities, integration potential, risk assessment, and business impact.
|
http://cyfun.data.gift/data/requirement_PR_AA_05_5
|
19 |
|
PR.AA-05.6: Separation of duties (SoD) shall be ensured in the management of access rights.
|
http://cyfun.data.gift/data/requirement_PR_AA_05_6
|
19 |
|
PR.AA-05.7: Privileged users shall be managed and monitored.
|
http://cyfun.data.gift/data/requirement_PR_AA_05_7
|
19 |
|
PR.AA-05.8: Account usage restrictions for specific time periods and locations shall be taken into account in the organisation's security access policy and applied accordingly.
|
http://cyfun.data.gift/data/requirement_PR_AA_05_8
|
17 |
|
PR.AA-05.9: Privileged users shall be managed, monitored and audited.
|
http://cyfun.data.gift/data/requirement_PR_AA_05_9
|
17 |
|
PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties
|
http://cyfun.data.gift/data/nist_subcategory_PR_AA_05
|
5 |
|
PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties
|
http://cyfun.data.gift/data/subcategory_PR.AA-05
|
33 |
|
PR.AA-06.1: Physical access to all organisational assets, including critical zones, shall be managed, monitored, and enforced based on risk.
|
http://cyfun.data.gift/data/requirement_PR_AA_06_1
|
21 |
|
PR.AA-06.2: Physical access controls shall include specific procedures for emergency situations, ensuring continued protection of critical and non-critical assets during such events.
|
http://cyfun.data.gift/data/requirement_PR_AA_06_2
|
19 |