Administrative access must take place through restricted, managed, and monitored points.
The protection of administrative connections must take into account the extent to which confidential information could be compromised through such connections. Most forms of administrative access allow entry to confidential information either directly (e. g. database administration typically has access to database content when needed) or indirectly (e. g. network device administration can usually alter firewall rules that protect information systems). This makes administrative connections a particularly attractive target for malicious actors.
When an administrative connection provides direct or indirect access to confidential information, the connection and the terminal devices used for it should, as a rule, be restricted to the same classification level as the information processing environment itself. The devices in question are systems for which administrative rights should only be available to administrators or equivalent personnel. Typical examples include firewalls, routers, switches, wireless access points, servers, workstations, ILO management interfaces, and Blade chassis management interfaces.
Digiturvamallissa kaikki vaatimuskehikkojen vaatimukset kohdistetaan universaaleihin tietoturvatehtäviin, jotta voitte muodostaa yksittäisen suunnitelman, joka täyttää ison kasan vaatimuksia.