+ORP.4.A2 Creating, Changing, and Revoking Authorisations [IT Operation Department] (B)

1. Übersicht

ORP.4.A2 Creating, Changing, and Revoking Authorisations [IT Operation Department] (B)

User IDs and authorisations MUST ONLY be granted on the basis of actual need in connection with specific tasks (in line with the least-privilege and need-to-know principles). If there are personnel changes, the user IDs and authorisations that are no longer required MUST be removed. If employees apply for authorisations that are beyond the respective standard, they MUST ONLY be assigned after additional justification and verification are provided. Access permissions to system directories and files SHOULD be restricted. All authorisations MUST be established via separate administrative roles.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022