Authorization
Use the principle of deny by default
Summary The system should set minimal or no permissions for new users/roles and users/roles should not receive access to new features until it is explicitly granted. Description Systems should have a set of roles with different levels of privilege to ...
Deny access with inactive credentials
Summary The system must not allow users to authenticate with expired, revoked or blocked credentials. Description Inactive credentials pose a security risk to organizations. Each one of these accounts offers a malicious actor an opportunity to gain ...
Set user's required privileges
Summary The privileges required by the users who will access the system must be defined. Description Systems should have a set of roles with different levels of privileges to access resources. The privileges of each role must be clearly defined and ...
Define users with privileges
Summary The users that will access the system with administrator or root privileges must be defined. Description Systems should have a set of roles with different levels of privilege to access resources. The privileges of each role must be clearly ...
Manage privilege modifications
Summary The system must not allow system actors to modify privileges for themselves. Description Systems should have a set of roles with different levels of privilege to access resources. The privileges of each role must be clearly defined and the ...
Manage user accounts
Summary The system must allow superusers or system administrators to disable user accounts. Description This is a security measure designed to provide administrators with the capability to deactivate or disable user accounts within a system. This ...
Restrict administrative access
Summary If the system has an administration mechanism, it must only be accessible from administrative network segments. Description Network access to modules or system management mechanisms must be limited to the parties that require access to them ...