R257. Access based on user credentials

Requirement

Physical access to the network for users must be assigned based on organizational user credentials (e.g. NAC 802.1x).

References

  1. CIS Controls. 1.7 Deploy Port Level Access Control. Utilize port level access control, following 802.1x standards, to control which devices can authenticate to the network.

  2. HIPAA Security Rules 164.312(e)(1): Transmission Security: Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

  3. ISO 27001:2013. Annex A - 9.1.2 Users should only have access to the internal network and network services for which they have been explicitly authorized.

  4. NIST 800-53 IA-2 Identification and authentication: The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy