Control 3.1.1
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
What this control is referring to is the system you will use to authenticate users. In practice this will most likely need to be a Windows-based domain. Trying to meet the control with no domain at all, or with a Unix- or Linux-based authentication system, is going to be very hard to pull off: later controls require Group Policy Objects and two-factor authentication, and a Windows domain makes both much easier. A Windows domain is also simple to present as evidence that you limit access to files, folders, computers, servers and applications. If you lack the expertise in-house, most Managed Security Service Providers have experience configuring a Windows domain. Many software platforms integrate with LDAP and Active Directory, which is what a Windows domain uses. So you will need a Windows domain, and within it a hierarchy of users: those who are allowed to access secure data and those who are not. This is accomplished through the security groups built into the domain platform. To pass this control you will need to show that separation, the groups, and the permission levels that define who can access what.
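The separation described above (a security group for authorized users, permissions on the protected data tied to that group, and evidence an assessor can review) can be scripted on a domain-joined Windows server. The following PowerShell is an added example, not part of the original post and not from Single Point of Contact; the domain path `DC=example,DC=local`, the group name `CUI-Users`, the folder `D:\Shares\CUI`, the member account names and the evidence directory are all hypothetical placeholders to be replaced with your own values. It assumes the RSAT ActiveDirectory module is installed and that the account running it may create groups and set ACLs.

```powershell
# Added example (not from the original post): implement "who can access what"
# with an AD security group plus an NTFS ACL, then export evidence for the control.
# All names below are assumptions; change them for your environment.
#Requires -Modules ActiveDirectory
[CmdletBinding()]
param(
    [string]$GroupName   = 'CUI-Users',                                  # hypothetical
    [string]$GroupOU     = 'OU=Security Groups,DC=example,DC=local',     # hypothetical
    [string]$CuiPath     = 'D:\Shares\CUI',                              # hypothetical
    [string[]]$Members   = @('alice.jones', 'bob.smith'),                # hypothetical
    [string]$EvidenceDir = 'C:\Evidence\3.1.1'                           # hypothetical
)

Import-Module ActiveDirectory

# 1. The domain security group is the unit of "authorized users" for this control.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Path $GroupOU -Description 'Users authorized to access CUI'
}
Add-ADGroupMember -Identity $GroupName -Members $Members

# 2. Replace inherited permissions on the CUI folder so that only the group,
#    SYSTEM and local Administrators keep access (the separation the text describes).
if (-not (Test-Path $CuiPath)) { New-Item -ItemType Directory -Path $CuiPath | Out-Null }
$acl = Get-Acl -Path $CuiPath
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting and drop inherited ACEs
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allowed = @(
    @{ Id = "$env:USERDOMAIN\$GroupName"; Rights = 'Modify' },
    @{ Id = 'NT AUTHORITY\SYSTEM';        Rights = 'FullControl' },
    @{ Id = 'BUILTIN\Administrators';     Rights = 'FullControl' }
)
foreach ($entry in $allowed) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $entry.Id, $entry.Rights, $inherit, $prop, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $CuiPath -AclObject $acl

# 3. Evidence: who is in the group, and what the folder's effective ACL actually is.
New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null
Get-ADGroupMember -Identity $GroupName -Recursive |
    Select-Object SamAccountName, objectClass, distinguishedName |
    Export-Csv -Path (Join-Path $EvidenceDir 'cui-users-members.csv') -NoTypeInformation
(Get-Acl -Path $CuiPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Export-Csv -Path (Join-Path $EvidenceDir 'cui-folder-acl.csv') -NoTypeInformation

# 4. Check: warn if any principal other than the expected three has an entry on the folder.
$expected   = $allowed | ForEach-Object { $_.Id }
$unexpected = (Get-Acl -Path $CuiPath).Access |
    Where-Object { $expected -notcontains $_.IdentityReference.Value }
if ($unexpected) {
    Write-Warning "Unexpected principals on ${CuiPath}:"
    $unexpected | Format-Table IdentityReference, FileSystemRights -AutoSize
} else {
    Write-Host "Access to $CuiPath is limited to: $($expected -join ', ')"
}
```

Run it once from an elevated PowerShell session on a domain-joined server, then re-run step 3 on a schedule: the two CSV files (group membership and folder ACL) are the kind of artefact that shows the separation, groups and permission levels the control asks for, and the check in step 4 flags drift if someone later grants a user or group direct access to the folder outside the security group.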
Single Point of Contact was founded in 1999 and is a Managed Security Service Provider in the San Francisco Bay Area. We tailor our IT security services to take into consideration every day challenges businesses face. Cybersecurity issues often stem from within an organization, so we take proactive measures to ensure everyone from top to bottom understands the ramifications of a cyberattack. Don’t hesitate to contact us to see how we can help better protect your company.