R034. Manage user accounts

Requirement

The system must allow superusers or system administrators to disable user accounts.
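As an added illustration (not part of the Fluid Attacks requirement text), the following Python sketch shows the three properties a practitioner checks when verifying this requirement: only an active account holding the administrator role can change another account's status; a disabled account is refused at authentication and its live sessions are revoked at once, not at next login; and every status change and refused attempt is written to an audit trail. The `admin` role name, the PBKDF2 parameters and the rule that the last active administrator cannot be disabled (to avoid locking everyone out) are assumptions of this example, not requirements stated on the page.

```python
"""Account disable/enable with an authorization gate, immediate session
revocation and an audit log.  Added example; all names are assumptions."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    ACTIVE = "active"
    DISABLED = "disabled"


class NotAuthorized(Exception):
    """Raised when the acting user may not perform the requested change."""


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    roles: frozenset
    status: Status = Status.ACTIVE
    sessions: set = field(default_factory=set)  # live session tokens


class AccountStore:
    ADMIN_ROLE = "admin"  # assumed role name

    def __init__(self):
        self._accounts = {}
        self.audit_log = []  # (event, actor, target, detail) tuples

    @staticmethod
    def _hash(password, salt):
        # PBKDF2-HMAC-SHA256; iteration count is an assumption for the example.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create(self, username, password, roles=()):
        salt = os.urandom(16)
        self._accounts[username] = Account(
            username, salt, self._hash(password, salt), frozenset(roles))

    def authenticate(self, username, password):
        """Return a session token, or None if the credentials are wrong
        or the account is not ACTIVE.  Disabled accounts never log in."""
        acct = self._accounts.get(username)
        if acct is None:
            return None
        ok = hmac.compare_digest(self._hash(password, acct.salt), acct.pw_hash)
        if not ok or acct.status is not Status.ACTIVE:
            self.audit_log.append(("login_refused", username, username, acct.status.value))
            return None
        token = secrets.token_hex(16)
        acct.sessions.add(token)
        return token

    def session_valid(self, username, token):
        acct = self._accounts.get(username)
        return (acct is not None and acct.status is Status.ACTIVE
                and token in acct.sessions)

    def _active_admins(self):
        return {a.username for a in self._accounts.values()
                if a.status is Status.ACTIVE and self.ADMIN_ROLE in a.roles}

    def set_status(self, actor, target, status):
        # Authorization gate: actor must be an ACTIVE administrator.
        if actor not in self._active_admins():
            self.audit_log.append(("denied", actor, target, status.value))
            raise NotAuthorized(f"{actor} may not change account status")
        tgt = self._accounts.get(target)
        if tgt is None:
            raise KeyError(target)
        # Lockout guard (assumption): never disable the last active admin.
        if status is Status.DISABLED and self._active_admins() == {target}:
            self.audit_log.append(("denied_last_admin", actor, target, status.value))
            raise NotAuthorized("cannot disable the last active administrator")
        tgt.status = status
        if status is Status.DISABLED:
            tgt.sessions.clear()  # revoke live sessions immediately
        self.audit_log.append(("status_change", actor, target, status.value))

    def disable(self, actor, target):
        self.set_status(actor, target, Status.DISABLED)

    def enable(self, actor, target):
        self.set_status(actor, target, Status.ACTIVE)


if __name__ == "__main__":
    store = AccountStore()
    store.create("root", "pw-root", roles={"admin"})
    store.create("alice", "pw-alice")
    tok = store.authenticate("alice", "pw-alice")
    store.disable("root", "alice")          # admin disables a user
    print(store.session_valid("alice", tok))  # False: session revoked
    print(store.authenticate("alice", "pw-alice"))  # None: login refused
```

When testing a real system against this requirement, the same three checks apply: a non-administrator's attempt to disable an account must be refused, a disabled account's existing sessions and tokens must stop working immediately, and the refusal and the status change must both appear in the audit trail.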

References

  1. HIPAA Security Rules 164.308(a)(3)(ii)(A): Authorization and/or supervision (Addressable): Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed.

  2. ISO 27001:2013. Annex A - 9.2.1 Implement a formal process for user registration and de-registration in order to enable the assignment of access rights.

  3. ISO 27001:2013. Annex A - 9.2.2 Implement a formal user access provisioning process to assign or revoke access rights for all user types to all systems and services.

  4. NERC CIP-004-6. B. Requirements and measures. R5 Each Responsible Entity shall implement one or more documented access revocation program(s).

  5. PCI DSS v3.2.1 - Requirement 8.1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.