Operating system access control

Objective: To prevent unauthorised access to operating systems.

Access to the operating system should be controlled.

Secure log-on procedures

Access to operating systems should be controlled via a secure log-on process.

User identification and authentication

All users should have an unique identifier for their personal use so that all activities can be traceable to responsible individuals. A suitable authentication technology (or technologies) should be in place to substantiate the claimed identity.

Password management system

An effective password system should be used to authenticate users.

Use of system utilities

The use of system utilities must be restricted and tightly controlled.

Session time-out

Sessions should be set to time out to prevent access by unauthorised persons.

Limitation of connection time

Restrictions of connection times should provide additional security for high-risk applications.