DS5.3 Identity Management (4 of 4)
Cost-effective technical and procedural measures are deployed and kept current to establish user identification, implement authentication and enforce access rights.
Illustrative Controls and the TIBCO LogLogic Solution
All logins to network devices, operating systems, platforms, databases and applications must be reviewed to ensure only authorized and appropriate personnel have access.
To satisfy this control objective, administrators must assess the authentication mechanisms used to validate user credentials (new and existing) for financial reporting systems to support the validity of transactions. Server and application activities must be monitored for locked-out accounts as they can represent malicious activities.
Monitor and verify all user access to programs and data. Review access to ensure there is segregation of duties as well as all access privileges are properly assigned and approved.
Reports and Alerts
Use the following link/reference to see the DS5.3 reports and alerts: DS5.3 (4/4).