Requirement:
The cybersecurity requirements for identity and access management must be implemented.
Control Implementation Guidelines:
- All cybersecurity requirements must be implemented for the organization's approved identity and access management procedures. It is also recommended that the identity and access management cover the following, but not limited to
- User Authentication based on user login management
- Password management based on the organization's password policy
- User authorization management based on a need-to-know and Need-to-use basis
- User authorization management based on least privilege and Segregation of Duties
- Remote access management to the organization's networks
- Access Cancellation and Update Management
Expected Deliverables:
- Action plan for cybersecurity requirements for Identity and Access Management
- Evidence that the identity and access management controls must be implemented on all technical and information assets in the organization, including but not limited to, the configuration of all technical information systems in line with the cybersecurity controls and requirements of identity and access management
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.