Julkri: TL IV-I
TEK-07.2: Access rights management - limiting access rights

How to fill the requirement


Task: Separation of security-classified information in information systems
Theme: System management
Policy: Access control and authentication requirements
Other security requirements this task also fulfils:

  • TEK-07.2: Access rights management - limiting access rights (Julkri)
1. Task description

Limiting access rights in accordance with the principle of least privilege reduces the impact of both intentional and unintentional actions, as well as the risk posed by, for example, malware running with a user's rights.

Security-classified information in information systems is separated according to the principle of least privilege by means of user rights and system handling rules, or by other comparable procedures.

Separation can be carried out:

  • at the logical level (e.g. server virtualization and access-restricted network folders)
  • with reliable logical separation (e.g. approved encrypted virtual machines on physical disks of the storage system reserved per customer, and approved encryption of data or communications on shared network devices)
  • with physical separation (physical disks reserved per data owner; also suitable for higher security classes)
Task: Use of dedicated admin accounts in critical data systems
Theme: System management
Policy: Access control and authentication requirements
Other security requirements this task also fulfils:

  • 9.2.3: Management of privileged access rights (ISO27 Full)
  • UAC-05: Administrative account usage (Cyber Essentials)
  • TEK-07.2: Access rights management - limiting access rights (Julkri)
  • 8.2: Privileged access rights (ISO27k1 Full)
  • CC6.3: Management of access to data based on roles and responsibilities (SOC 2)
1. Task description

Especially in the main identity management systems (e.g. Microsoft 365, Google), administrator accounts carry very significant rights. Because of their value, these accounts are frequent targets of phishing and other attacks. For this reason, administrator accounts should be dedicated to administrative use only: they should not be used for everyday work or, for example, for registering with other online services.
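The following Python script is an added example (not from the content library page) of how the "dedicated admin account" rule can be checked against a directory export. The account records, the list of privileged roles, the list of everyday applications and the adm- naming prefix are all assumptions for illustration; the role and application names resemble Microsoft 365 naming, but the check itself is generic and works on any export with the same fields.

```python
"""Audit a directory export for privileged accounts that are also used for
everyday work. Added example; the account records below are constructed."""
from __future__ import annotations
from dataclasses import dataclass

# Roles that should exist only on dedicated admin accounts (assumed list).
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Exchange Administrator",
    "Privileged Role Administrator",
}
# Applications whose use indicates everyday, non-administrative work (assumed list).
EVERYDAY_APPS = {"Microsoft Teams", "Office 365 Exchange Online", "Outlook"}
# Naming convention assumed for dedicated admin accounts, e.g. adm-jdoe@...
ADMIN_PREFIX = "adm-"


@dataclass
class Account:
    upn: str                 # user principal name / login
    roles: set[str]          # directory roles held
    licensed: bool           # has a mailbox / productivity licence
    signin_apps: set[str]    # distinct apps seen in interactive sign-ins


def findings_for(acct: Account) -> list[str]:
    """Return the policy violations for one account (empty list if clean).
    Standard accounts (no privileged role) are out of scope and return []."""
    out: list[str] = []
    if not (acct.roles & PRIVILEGED_ROLES):
        return out
    if not acct.upn.startswith(ADMIN_PREFIX):
        out.append("privileged role on a non-dedicated account")
    if acct.licensed:
        out.append("privileged account holds a mailbox/productivity licence")
    everyday = acct.signin_apps & EVERYDAY_APPS
    if everyday:
        out.append("privileged account signs in to everyday apps: "
                   + ", ".join(sorted(everyday)))
    return out


def audit(accounts: list[Account]) -> dict[str, list[str]]:
    """Map each non-compliant account to its findings."""
    result: dict[str, list[str]] = {}
    for acct in accounts:
        findings = findings_for(acct)
        if findings:
            result[acct.upn] = findings
    return result


# Constructed sample export: a clean admin/user pair and one offending account.
SAMPLE = [
    Account("adm-jdoe@example.com", {"Global Administrator"}, False, {"Azure Portal"}),
    Account("jdoe@example.com", set(), True, {"Microsoft Teams"}),
    Account("msmith@example.com", {"Exchange Administrator"}, True,
            {"Outlook", "Azure Portal"}),
]

if __name__ == "__main__":
    for upn, findings in audit(SAMPLE).items():
        print(upn)
        for f in findings:
            print("  -", f)
```

The licence and sign-in checks are proxies: an account that has a mailbox or logs in to Teams is evidently being used for everyday work, which is exactly what the task says a dedicated admin account must not be used for. Registration with third-party online services cannot be seen in a directory export at all, so that part of the rule has to be covered by policy and awareness rather than by this kind of check.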

Task: Need-to-know principle in access management
Theme: System management
Policy: Access control and authentication requirements
Other security requirements this task also fulfils:

  • I06: Access rights management (Katakri)
  • 9.1.1: Access control policy (ISO27 Full)
  • PR.AC-4: Access permissions and authorizations (NIST)
  • HAL-02.1: Tasks and responsibilities - segregation of duties (Julkri)
  • HAL-14: Usage and handling rights (Julkri)
1. Task description

The need-to-know principle grants access only to the information that an individual needs in order to perform their task. Different tasks and roles have different information needs and therefore different access profiles.

Segregation of duties means that conflicting tasks and responsibilities must be separated in order to reduce the risk of unauthorized or unintentional modification or misuse of the organisation's protected assets.
