...
- Getting Started | Overview | Resources | Standards
- Business Requirements of Access Control (ISO 9.1)
- User Access Management (ISO 9.2)
- User Responsibilities (ISO 9.3)
- Operating System and Application Access Control (ISO 9.4)
| Anchor | ||||
|---|---|---|---|---|
|
...
| Anchor | ||||
|---|---|---|---|---|
|
Business Requirements of Access Control
...
| Panel | ||
|---|---|---|
| ||
Objective: To describe what institutions need to take into account in establishing and documenting the rules that control the access, authorization, and dissemination of information and restricting the access to institutional networks. |
...
| Anchor | ||||
|---|---|---|---|---|
|
User Access Management
...
| Panel | ||
|---|---|---|
| ||
Objective: To cover of the stages of user access life-cycle - from determining the types and affiliation of institutional users and their corresponding privileges to procedures to revoke and disable their access. |
...
| Anchor | ||||
|---|---|---|---|---|
|
User Responsibilities
...
| Panel | ||
|---|---|---|
| ||
Objective: To underscore the importance of the active participation of users in safeguarding the access privileges and credentials and privileges provided to them and practices needed to prevent the unauthorized user access and disclosure of privileged information. |
...
- Access data in order to comply with the duties of their role or job duties on a need to know basis.
- Not attempt to access data or programs contained on systems for which they do not have authorization or consent.
- Not share their computer/network account, password, personal identification number (PIN), digital certificate, security token (i.e. Smartcard), or any other device used for identification and authorization purposes.
- Not share digital certificate passwords used for digital signatures.
- Not circumvent password entry through use of auto logon, application "remember password" features, embedded scripts or hard-coded passwords in client software.
- Password-protect their desktops/laptops when left unattended
Top of page
| Anchor | ||||
|---|---|---|---|---|
|
Operating System and Applications Access Controls
...
| Panel | ||
|---|---|---|
| ||
Objective: To cover the mechanisms that an institution can use to ensure that only authorized users have access to institutional computing devices. |
...