Identity and Access Management (IAM)

Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures.

Login

Identity and Access Management (IAM)

Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs.

Login

Identity and Access Management (IAM)

Define, implement and evaluate processes, procedures and technical measures for authenticating access to systems, application and data assets, including multifactor authentication for at least privileged user and sensitive data access. Adopt digital certificates or alternatives which achieve an equivalent level of security for system identities.

Login

Identity and Access Management (IAM)

Define, implement and evaluate processes, procedures and technical measures for the secure management of passwords.

Login

Identity and Access Management (IAM)

Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized.

Login

Interoperability and Portability (IPY)

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for interoperability and portability including requirements for: a. Communications between application interfaces b. Information processing interoperability c. Application development portability d. Information/Data exchange, usage, portability, integrity, and persistence Review and update the policies and procedures at least annually.

Login

Interoperability and Portability (IPY)

Provide application interface(s) to CSCs so that they programmatically retrieve their data to enable interoperability and portability.

Login

Interoperability and Portability (IPY)

Implement cryptographically secure and standardized network protocols for the management, import and export of data.

Login

Interoperability and Portability (IPY)

Agreements must include provisions specifying CSCs access to data upon contract termination and will include: a. Data format b. Length of time the data will be stored c. Scope of the data retained and made available to the CSCs d. Data deletion policy

Login

Infrastructure and Virtualization Security (IVS)

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for infrastructure and virtualization security. Review and update the policies and procedures at least annually.

Login