The Common Policy and Standard Framework

Identity & Access Requirements

Introduction

This document establishes the minimum security requirements needed to identify users on systems and allocate access.

Scope

This policy applies to all individuals who access company-provided systems. Whether you’re an employee, contractor, or visitor, these guidelines govern your use of networks, devices, and software.

Requirements

Identity Verification

Identities are proofed and bound to credentials based on the context of interactions.

Logical Access

Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties.

  • Require that users (or roles) with privileged accounts use non-privileged accounts when accessing nonsecurity functions or nonsecurity information.

  • Review the privileges assigned to roles or classes of users annually to validate the need for such privileges.

Physical Access

Physical access to assets is managed, monitored, and enforced commensurate with risk.


Last updated 1 year ago
