Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-2-1

Cybersecurity requirements for identity and access management must be defined, documented and approved.

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-2-2

The cybersecurity requirements for identity and access management must be implemented.

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-2-3

The cybersecurity requirements for identity and access management must include at least the following:

  1. Single-factor authentication based on username and password.
  2. Multi-factor authentication for remote access, defining suitable authentication factors, number of factors and suitable technique based on the result of impact assessment of authentication failure and bypass for remote access.
  3. User authorization based on identity and access control principles: Need-to-Know and Need-to-Use, Least Privilege and Segregation of Duties.
  4. Privileged access management.
  5. Periodic review of users’ identities and access rights.

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-2-4

The implementation of the cybersecurity requirements for identity and access management must be reviewed periodically.