The allocation and use of privileged access rights should be restricted and managed.
Access to information and other associated assets should be restricted in accordance with the established topic-specific policy on access control.
Read and write access to source code, development tools and software libraries should be appropriately managed.
Secure authentication technologies and procedures should be implemented based on information access restrictions and the topic-specific policy on access control.
The use of resources should be monitored and adjusted in line with current and expected capacity requirements.
Protection against malware should be implemented and supported by appropriate user awareness.
Information about technical vulnerabilities of information systems in use should be obtained, the organization’s exposure to such vulnerabilities should be evaluated and appropriate measures should be taken.
Configurations, including security configurations, of hardware, software, services and networks should be established, documented, implemented, monitored and reviewed.
Information stored in information systems, devices or in any other storage media should be deleted when no longer required.
Data masking should be used in accordance with the organization’s topic-specific policy on access control and other related topic-specific policies, and business requirements, taking applicable legislation into consideration.
Passcode