Young hacker smiling

We hack your software

zero false positives

Attacking Applications, APIs, Mobile Apps Servers, Networks, IoT Devices
ICS: Industrial Control System
SOC: Security Operations Center

REQ.229 Request access credentials

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of requesting access credentials in order to validate the authentication process.

Requirement

The system must request at least one username and password to every actor that tries to authenticate.

References

  1. HIPAA Security Rules 164.312(a)(1): Access Control: Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4)

  2. HIPAA Security Rules 164.312(d): Person or Entity Authentication: Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

  3. HIPAA Security Rules 164.310(a)(2)(iii): Access Control and Validation Procedures: Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.

  4. OWASP-ASVS v3.1-4.4 Verify that access to sensitive records is protected, such that only authorized objects or data is accessible to each user (for example, protect against users tampering with a parameter to see or alter another user’s account).


Service status - Terms of Use