Essential Cybersecurity Controls (ECC – 2 : 2024) 2-2-3 Requirement:
The cybersecurity requirements for identity and access management must include at least the following:
- Single-factor authentication based on username and password.
- Multi-factor authentication for remote access, defining suitable authentication factors, number of factors and suitable technique based on the result of impact assessment of authentication failure and bypass for remote access.
- User authorization based on identity and access control principles: Need-to-Know and Need-to-Use, Least Privilege and Segregation of Duties.
- Privileged access management.
- Periodic review of users’ identities and access rights.