Beruflich Dokumente
Kultur Dokumente
Control
02. Privilege
management
02. Privilege
management
03. Equipment
identification in
networks
05. Segregation in
networks
03. Password
management system
06. Limitation of
connection time
02. Teleworking
01. Security
requirements analysis
and specification
Metrics
Indicator
0 No formal process
password
use isexists
documented
security for
exception
process
1 The
organization
has
established
a formal
password
management system(which includes a signed s
A process
exists to
identify
and gain
management
approval
that
passwords
will
remain
confidential
to
the
individual/group)
2 Above, plus exceptions are only granted by management for a limited period of time
2
plus the
allocation/issue
of passwords
by a central
function(which
verifies use
3 Above,
All the above,
plus
each exception
is based onisacontrolled
risk assessment
and a IT
corrective
action plan
before
password
delivering)
4 All the
above, plus
exceptions are reviewed regularly to control progress toward goals
3 All the above, plus allocation/issue of passwords is dependent on the requesting line manager and p
are unique and not guessable
4 All the above, plus all user(and acknowledge receipt) and manager requests and compliance statem
retained
0
1
2
3
4
0
1
2
3
4
0
1
2
3
4
0
1
2
3
4
Previous
Progress
Goal
Evidence
Task forces
Entregables