A.9.4.4: Use of Privileged Utility Programs
Restrict and control the use of privileged utility programs.
A.9.4.3: Password Management System
Ensure that the password management system is interactive and ensures quality passwords.
A.9.4.2: Secure Log-on Procedures
Ensure that access to systems and applications is controlled by a secure log-on procedure.
A.9.4.1: Information Access Restriction
Restrict access to information and application system functions in accordance with the access control policy.
A.9.3.1: Use of Secret Authentication Information
Require users to follow the organization’s practices for the use of secret authentication information.
A.9.2.6: Removal or Adjustment of Access Rights
Ensure that access rights of all employees, contractors, and third-party users to information and information processing facilities are removed upon termination of their employment, contract, or agreement.
A.9.2.4: Management of Secret Authentication Information of Users
Control the allocation and use of secret authentication information.
A.9.2.3: Management of Privileged Access Rights
Control the allocation and use of privileged access rights.
A.9.2.2: User Access Provisioning
Ensure that user access provisioning is in accordance with the access control policy.