Access Control

The institution shall limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
The institution shall limit system access to the types of transactions and functions that authorized users are permitted to execute (role-based access control).
The institution shall have a procedure for removal of access rights (termination) for all departing or resigning personnel, both employees and contractors/third parties. This procedure shall coordinate management decisions with the system administrator/personnel who is responsible for executing system access termination.
In case of malicious activity done by the employee, or contractor (third-party employee), access rights shall be immediately revoked according to the incident response procedure.

Objectives

Benefits

Scope

Network design

Network Implementation

Network Management

User devices

Precaution measures

Stolen computers

User responsibilities

Hardware acquisition, maintenance

Hardware disposal

Software applications

Data

Business Continuity (BC) and Disaster Recovery (DR)

User collaboration and email service

Password Policy

Email Accounts

System access and authorization

Security Policy and Procedures

Minimizing the exposure of systems to External Networks

Access Control

Implement network segmentation

Institution awareness and Training

Audit and Accountability

Configuration Management

Identity Management and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Risk Assessment

System and Communications Protection

System and Information Integrity

Personally identifiable information (PII) Processing and Transparency

Contingency Planning

Supply Chain Risk Management

Passwords Protection

Assessment of the current situationge

Definition of the strategic target position

Definition of gaps

Establishing a roadmap to close the gaps.

Roles and responsibilities

Resources and Impact

Digitalization project initiation

Digitalization project documentation

Digitalization project implementation

Digitalization staff

Digitalization talent and capacity building

Challenge Definition

Ideation Stage

Prototyping

Testing Stage

Implementation

Access Control