
REQ.095 Define users with privileges

This document details the security requirement related to the definition and management of access control in the organization. It establishes the importance of explicitly defining which users hold administrator or root privileges in the system, so that privileged access can be reviewed, monitored and revoked when it is no longer appropriate.

Requirement

The users that will access the system with administrator or root privileges must be defined.
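The requirement is only verifiable if the defined list of privileged users can be compared against what the system actually grants. The following script is an added example (not part of this requirement page or of any Fluid Attacks tooling) that reconstructs the set of root-equivalent accounts on a Linux host from `/etc/passwd` and `/etc/group` and flags any account that is privileged but not on the approved list, as well as approved users who no longer hold privileges. The sample file contents, the approved list, and the assumption that membership in the `wheel` or `sudo` group grants full administrative rights are all constructed for the example; a real host may grant privileges through other mechanisms (sudoers rules, capabilities, setuid binaries) that this check does not cover.

```python
"""Audit root-equivalent accounts against an approved list (REQ.095).

Added example. A user is treated as privileged if any of these hold:
  * UID 0 in /etc/passwd (root-equivalent regardless of name),
  * listed as a supplementary member of an admin group in /etc/group,
  * has an admin group as primary group (GID field in /etc/passwd), which
    /etc/group alone does not show.
"""
from dataclasses import dataclass

# Assumption: these groups grant full sudo on the host (constructed).
ADMIN_GROUPS = {"wheel", "sudo"}

# Constructed sample /etc/passwd and /etc/group (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid-0 account:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:27:Carol:/home/carol:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice
sudo:x:27:alice,bob
users:x:100:
"""


@dataclass
class Account:
    name: str
    uid: int
    gid: int


def parse_passwd(text):
    """Return {username: Account}; skips blank, comment and malformed lines."""
    accounts = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue
        accounts[fields[0]] = Account(fields[0], int(fields[2]), int(fields[3]))
    return accounts


def parse_group(text):
    """Return {groupname: (gid, set_of_supplementary_members)}."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue
        name, gid, members = fields[0], int(fields[2]), fields[3]
        # An empty member field must yield an empty set, not {""}.
        groups[name] = (gid, {m for m in members.split(",") if m})
    return groups


def privileged_users(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Return {username: set_of_reasons} for every root-equivalent account."""
    accounts = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    reasons = {}

    def add(user, why):
        reasons.setdefault(user, set()).add(why)

    for acct in accounts.values():
        if acct.uid == 0:
            add(acct.name, "uid0")
    for gname in sorted(admin_groups):
        if gname not in groups:
            continue
        gid, members = groups[gname]
        for member in members:
            add(member, f"group:{gname}")
        for acct in accounts.values():  # primary-group membership
            if acct.gid == gid:
                add(acct.name, f"primary-group:{gname}")
    return reasons


def audit(passwd_text, group_text, approved, admin_groups=ADMIN_GROUPS):
    """Return (unapproved_privileged, approved_without_privileges)."""
    priv = privileged_users(passwd_text, group_text, admin_groups)
    unapproved = {u: sorted(r) for u, r in priv.items() if u not in approved}
    missing = sorted(set(approved) - set(priv))
    return unapproved, missing


if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:  # audit the host this script runs on
        with open("/etc/passwd") as f, open("/etc/group") as g:
            pw, gr = f.read(), g.read()
    else:
        pw, gr = SAMPLE_PASSWD, SAMPLE_GROUP
    approved = {"root", "alice"}  # constructed: the organization's defined list
    unapproved, missing = audit(pw, gr, approved)
    for user, why in sorted(unapproved.items()):
        print(f"NOT APPROVED: {user} ({', '.join(why)})")
    for user in missing:
        print(f"APPROVED BUT NOT PRIVILEGED: {user}")
```

Run without arguments to see the constructed case: `toor` (a second UID-0 account), `bob` (supplementary `sudo` member) and `carol` (primary group `sudo`) are reported as privileged but not on the list, while `root` and `alice` match. The primary-group case is the one most often missed when an audit reads only `/etc/group`, which is why the example derives it from the passwd GID field.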

References

  1. HIPAA Security Rules 164.308(a)(3)(i): Workforce Security: Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information.

  2. HIPAA Security Rules 164.310(a)(2)(iii): Access Control and Validation Procedures: Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.

  3. NIST 800-53 AC-2 (6) The information system implements the following dynamic privilege management capabilities: [Assignment: organization-defined list of dynamic privilege management capabilities].

  4. NIST 800-53 AC-2 (7) a The organization establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles.

  5. NIST 800-53 AC-2 (7) b The organization monitors privileged role assignments.

  6. NIST 800-53 AC-2 (7) c The organization takes [Assignment: organization-defined actions] when privileged role assignments are no longer appropriate.
