Content library
Julkri: TL IV-I
TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

How to fill the requirement

Julkri: TL IV-I

TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen

Task name
Priority
Status
Theme
Policy
Other requirements
Defining and documenting accepted authentication methods
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Access control and authentication
requirements

Task is fulfilling also these other security requirements

I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Katakri
9.1.1: Access control policy
ISO27 Full
9.2.4: Management of secret authentication information of users
ISO27 Full
9.4.2: Secure log-on procedures
ISO27 Full
6.6.2: Käyttövaltuushallinta ja tunnistautuminen järjestelmiin
Self-monitoring
1. Task description

The organization has predefined authentication methods that employees should prefer when using data systems.

When using cloud services, the user can often freely decide how he or she authenticates with the service. A single centralized authentication account (such as a Google or Microsoft 365 account) can help close a large number of access rights at once when the main user account that acts as the authentication method is closed.

Use of multi-factor authentication for important data systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Access control and authentication
requirements

Task is fulfilling also these other security requirements

I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Katakri
9.4.2: Secure log-on procedures
ISO27 Full
9.1.1: Access control policy
ISO27 Full
PR.AC-7: User, device, and other asset authentication
NIST
TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
1. Task description

Systems containing important information should be logged in using a multi-authentication logon, also known as either “two-factor”, “multi-factor” or “dual factor” authentication.

For example, when first logging in with a password, a one-time authentication code can also be sent to the user as a text message. In this case, he has been identified by two factors (knowing the password and owning the phone).

Biometric identifiers (eg fingerprint) and other devices can also be used for two-stage authentication. However, it is worth considering the costs and implications for privacy.

Avoiding and documenting shared user accounts
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Access control and authentication
requirements

Task is fulfilling also these other security requirements

I07: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Katakri
32. Security of processing
GDPR
9.2.4: Management of secret authentication information of users
ISO27 Full
TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
5.16: Identity management
ISO27k1 Full
1. Task description

Shared accounts should only be allowed if they are necessary for business or operational reasons and should be separately approved and documented.

If shared accounts are used for admin purposes, passwords must be changed as soon as possible after any user with admin rights leaves their job.

Secure identification of systems with admin-rights
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Access control and authentication
requirements

Task is fulfilling also these other security requirements

TEK-08: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen
Julkri
1. Task description

The organization must use digital certificates or other similar arrangements to achieve a strong level of authentication equivalent to multi-step authentication for system identities handling maintenance rights or sensitive information.

No items found.