.png)
1. Hallintayhteydet on rajattu turvallisuusluokittain, ellei käytössä ole toimivaltaisen viranomaisen ko. turvallisuusluokille hyväksymää yhdyskäytäväratkaisua.
2. Hallintaliikenteen sisältäessä turvallisuusluokiteltua tietoa ja kulkiessa matalamman turvallisuusluokan ympäristön kautta, turvallisuusluokitellut tiedot on salattu toimivaltaisen viranomaisen hyväksymällä salaustuotteella.
3. Hallintaliikenteen kulkiessa ko. turvallisuusluokan sisällä, alemman tason salausta tai salaamatonta siirtoa voidaan käyttää riskinhallintaprosessin tulosten perusteella toimivaltaisen viranomaisen erillishyväksyntään perustuen.
4. Hallintayhteydet on rajattu vähimpien oikeuksien periaatteen mukaisesti.
Remote administration of classification level III processing environments must be carried out from within a security area. For classification level III and other critical processing environments, remote administration must be technically bound to approved remote administration equipment (e. g. device authentication).
Administrative connections are restricted in accordance with the principle of the least privilege.
Administrative connections are restricted by classification level, unless a gateway solution is in place that is sufficiently secure for the relevant classification level.
When administrative traffic contains classified information and passes through a lower classification level environment, the classified information must be encrypted with an encryption product providing sufficient security.
When administrative traffic occurs within the same classification level, lower-level encryption or unencrypted transfer may be used, based on the results of the risk management process.
Administrative access must take place through restricted, managed, and monitored points.
The protection of administrative connections must take into account the extent to which confidential information could be compromised through such connections. Most forms of administrative access allow entry to confidential information either directly (e. g. database administration typically has access to database content when needed) or indirectly (e. g. network device administration can usually alter firewall rules that protect information systems). This makes administrative connections a particularly attractive target for malicious actors.
When an administrative connection provides direct or indirect access to confidential information, the connection and the terminal devices used for it should, as a rule, be restricted to the same classification level as the information processing environment itself. The devices in question are systems for which administrative rights should only be available to administrators or equivalent personnel. Typical examples include firewalls, routers, switches, wireless access points, servers, workstations, ILO management interfaces, and Blade chassis management interfaces.
Digiturvamallissa kaikki vaatimuskehikkojen vaatimukset kohdistetaan universaaleihin tietoturvatehtäviin, jotta voitte muodostaa yksittäisen suunnitelman, joka täyttää ison kasan vaatimuksia.
.png)
Aloita ilmaiseksi tutussa Microsoft Teams -ympäristössä.
Jos sinulla on kysymyksiä, varaa palaveri sinulle sopivaan ajankohtaan.
.svg)
.svg)
