Young hacker smiling

We hack your software

zero false positives

Expert intelligence + specialized technology

REQ.114 Deny access with inactive credentials

This document contains the details of the security requirements related to the definition and management of access control in the organization. This requirement establishes the importance of managing correctly inactive users and credentials in the system in order to avoid security breaches.

Requirement

The system must not allow successful authentication of users with expired, revoked or blocked credentials.

References

  1. HIPAA Security Rules 164.310(a)(2)(iii): Access Control and Validation Procedures: Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.


Service status - Terms of Use