GOST R 57580.1-2017, dated 01.01.2018
Security of financial (banking) operations. Information protection of financial organizations. Basic set of organizational and technical measures. Section 7. Requirements for the information protection system
РД.10
Similar requirements
Guideline for a healthy information system v.2.0 (EN):
8 (STANDARD)
In the event of an incident, in order to make the attribution of an action within the information system or the identification of possibly compromised accounts easier, access accounts must be nominative.
The use of generic accounts (e.g. admin, user) must be marginal, and they must be able to be associated with a limited number of individuals.
Of course, this rule does not stop you from retaining service accounts attributed to an IT process (e.g. apache, mysqld).
In any event, generic and service accounts must be managed according to a policy that is at least as stringent as the one for nominative accounts. Moreover, a nominative administration account, different from the user account, must be attributed to each administrator. The usernames and authentication secrets must be different (e.g. pmartin as a username, adm-pmartin as an admin username). This admin account, having more privileges, must be exclusively dedicated to administration actions. Furthermore, it must be used in environments dedicated to administration so that no connection traces or password hashes are left in a more exposed environment.
Strategies to Mitigate Cyber Security Incidents (EN):
2.4.
Disable local administrator accounts or assign passphrases that are random and unique for each computer’s local administrator account to prevent propagation using shared local administrator credentials.
Relative Security Effectiveness: Excellent | Potential User Resistance: Low | Upfront Cost: Medium | Ongoing Maintenance Cost: Low
2.6.
Protect authentication credentials. Remove CPassword values (MS14-025). Configure WDigest (KB2871997). Use Windows Defender Credential Guard. Change default passphrases. Require long complex passphrases.
Relative Security Effectiveness: Excellent | Potential User Resistance: Medium | Upfront Cost: Medium | Ongoing Maintenance Cost: Low
Related protective measures
Nothing found