Cyber Essentials Access Controls

Cyber Essentials Access Controls

The Cyber Essentials access controls ensures that only authorized individuals have user accounts, and that they are granted only as much access as they need to perform their roles. These controls significantly reduce the risk of information being stolen or damaged.

Cyber Essentials - Access Control Requirements

User Account Management

User accounts have access to your organization’s data and services.  It is therefore important that user accounts and their privileges’ are controlled and that the identity of all connecting users are properly verified using strong authentication methods.

Privileged and Administrative Accounts

Privileged and administrative accounts have enhanced access to devices, applications and information.

As malicious actors can exploit the greater freedoms in privileged and administrative accounts to facilitate large scale corruption of information, disruption to business processes and unauthorized access to other devices in the organization, it is crucial that privileged accounts are protected and controlled. 

Cyber Essentials – Access Control Requirements

The cyber essentials certification requires organisations to :

• Have a user account creation and approval process.
• Authenticate users before granting access to applications or devices, using unique credentials.
• Remove or disable user accounts when no longer required (i.e. when a user leaves the organisation or after a defined period of account inactivity, for example).
• Implement two-factor authentication where available.
• Use administrative accounts to perform administrative activities only (no emailing, web browsing or other standard user activities that may expose administrative privileges to avoidable risks).
• Remove or disable special access privileges when no longer required (when a member of staff changes role, for example).

Learn more about the other cyber essentials controls

Our services

Shopping Cart