REQ.265 Restrict access to critical processes
This document contains the details of the security requirements related to the definition and management of resources and services in the organization. This requirement establishes the importance of restricting access to critical business processes, allowing only authorized users.
Requirement
System must restrict access to system functions that execute critical business processes, it will only allow authorized users.
References
-
NIST 800-53 IA-2 Identification and authentication: The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).