Guidelines on User Access Management
User access management is the process of creating, managing and securing user accounts on software systems. Key guidelines on user access management include:
Authorized access [Mandatory]
Only authorized users should be granted access to Government software applications. User access p...
Termination of user accounts [Mandatory]
User accounts should be terminated or disabled when a user leaves the institution. There should b...
Third parties access [Mandatory]
Third parties should not be provided access to software in a production/live environment unless t...
Generic or shared user accounts [Mandatory]
User accounts should not be generic or shared but traceable to specific individuals for purposes ...
Securing login credentials [Mandatory]
Users should be made aware of the need to keep login credentials such as User IDs and Passwords confidential ...
Password policies [Mandatory]
Appropriate password policies should be defined covering password expiration period, password com...
Multi-Factor Authentication [Mandatory]
Multi-Factor Authentication (MFA) is strongly recommended as the primary authentication method fo...
Biometrics [Recommended]
Biometrics can be considered as an additional layer of authentication where it is available and w...