A04. System access permission configuration


Preface

This article conducts in-depth assessments of four key areas: system access permission configuration, operation permissions for operation support personnel, super administrator account permissions, and sensitive data operation management. It puts forward corresponding improvement suggestions to further enhance the effectiveness of account security and permission management.

A04. System access permission configuration

Evaluation elements:

① Whether the system platform is configured with an access permission control policy;

② Whether the business system access permission configuration meets the business requirements, the security policy, and the principle of minimum authorization;

③ Whether screenshot evidence of the system platform access permission configuration policy is provided.

Material requirements collection design

1. Please describe each item of the system account password security policy configuration, and attach screenshots of the configuration below:

(e.g., password complexity of 3 types of characters and 8 or more characters, account locked after 5 incorrect entries, account password validity period of 90 days)

① Application platform:

Password complexity configuration:

[Screenshot]

Account lockout policy configuration:

[Screenshot]

Account password validity period:

[Screenshot]

Password recovery process:

[Screenshot]

② Host system:

Password complexity configuration, account lockout policy configuration, account password validity period:

[Screenshot]

③ Database:

Password complexity configuration, account lockout policy configuration, account password validity period:

[Screenshot]
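
An added example, not part of the original article: one way to check host-side evidence against the sample thresholds in item 1 (3 character types, 8 or more characters, lockout after 5 failures, 90-day validity). It assumes a Linux host using pam_pwquality, pam_faillock and /etc/login.defs; the file contents are constructed samples and the function names are hypothetical.

```python
import re

# Thresholds from the example in item 1 of the article.
POLICY = {"minclass": 3, "minlen": 8, "deny": 5, "PASS_MAX_DAYS": 90}

# Constructed sample contents (assumption: Linux host; not taken from the article).
SAMPLE_FILES = {
    "/etc/security/pwquality.conf": "# constructed sample\nminlen = 8\nminclass = 2\n",
    "/etc/security/faillock.conf": "deny = 5\nunlock_time = 900\n",
    "/etc/login.defs": "PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n",
}

def parse_settings(text):
    """Parse 'key = value' and 'KEY value' integer settings; skip comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^(\w+)\s*[=\s]\s*(-?\d+)$", line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def audit(files):
    """Return {setting: (found_value, compliant)} measured against POLICY."""
    found = {}
    for text in files.values():
        found.update(parse_settings(text))
    results = {}
    for key, required in POLICY.items():
        value = found.get(key)
        if value is None:
            ok = False                  # unset: no evidence of enforcement
        elif key in ("minclass", "minlen"):
            ok = value >= required      # equal or stronger complexity passes
        else:
            # deny / PASS_MAX_DAYS: lower is stricter; non-positive values
            # are treated as "not enforced" (a choice made by this example).
            ok = 0 < value <= required
        results[key] = (value, ok)
    return results

if __name__ == "__main__":
    for key, (value, ok) in audit(SAMPLE_FILES).items():
        print(f"{key:14} found={value!s:6} required={POLICY[key]:3} "
              f"{'PASS' if ok else 'FAIL'}")
```

The output of such a check can accompany the screenshots as evidence, since it records the configured value next to the required one.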

2. Please explain whether the business support system is equipped with system access authorization control measures:

☐ Yes      ☐ No

If so, please specify which system access authorization control measures are adopted:

For example, in role-based access control (RBAC), permissions are not assigned directly to users but to roles. An organization may have roles such as employee, manager, and administrator. Each role has a set of related permissions that define the operations its users can perform. When users are assigned to a role, they inherit the permissions of that role.

Please provide evidence of front-end application access control measures

Please provide evidence of host system access control measures

Please provide evidence of database access control measures

3.
