AUTHENTICATION AND ACCESS CONTROL Clause Samples

The Authentication and Access Control clause establishes the requirements and procedures for verifying user identities and managing permissions to access systems, data, or resources. Typically, this clause outlines the use of secure login credentials, multi-factor authentication, and role-based access controls to ensure that only authorized individuals can access sensitive information. Its core practical function is to protect organizational assets by preventing unauthorized access, thereby reducing the risk of data breaches and ensuring compliance with security standards.
AUTHENTICATION AND ACCESS CONTROL. The Supplier shall operate an access control regime to ensure all users and administrators of the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) are uniquely identified and authenticated when accessing or administering the Services. Applying the ‘principle of least privilege’, users and administrators shall be allowed access only to those parts of the ICT Environment that they require. The Supplier shall retain an audit record of accesses.
AUTHENTICATION AND ACCESS CONTROL. The Supplier shall operate an access control regime to ensure: all users and administrators of the Supplier System are uniquely identified and authenticated when accessing or administering the Services; and all persons who access the Sites are identified and authenticated before they are allowed access to the Sites. The Supplier shall apply the ‘principle of least privilege’ when allowing persons access to the Supplier System and Sites so that such persons are allowed access only to those parts of the Sites and the Supplier System they require. The Supplier shall retain records of access to the Sites and to the Supplier System and shall make such record available to the Authority on request.
AUTHENTICATION AND ACCESS CONTROL. The Supplier shall ensure that accounts are provisioned with privileges appropriate for the user need. Administrator (or other high privilege) accounts shall only be provisioned to users who need those privileges. Administrators shall not conduct ‘normal’ day-to-day business from their high privilege account. Privileges shall be periodically reviewed and removed where no longer required. The Supplier shall ensure that users identify and authenticate to devices and Services. For passwords, the Supplier shall, with reference to CESG’s published best practice ‘Password Guidance: Simplifying Your Approach’: ensure that all passwords are changed from defaults; not allow password/account sharing; ensure that high-privilege users (i.e. administrators) use different passwords for their high-privilege and low-privilege accounts; combine passwords with some other form of strengthening authentication, such as lockouts, throttling or two-factor authentication; ensure that passwords are never stored as plain text, but are (as a minimum) hashed using a cryptographic function capable of multiple iterations and/or a variable work factor. It is advisable to add a ‘salt’ before hashing passwords. In respect of End User Devices, the Supplier shall ensure that users identify and authenticate to devices and Services. Additionally the Supplier shall ensure that only appropriately authorised devices are provided with access to Services, in compliance with EUD Security Principle 3: Authentication. The set of EUD Principles are found here. In respect of the Supplier’s cloud services, the Supplier shall ensure that users, administrators and service providers identify and authenticate to all Services, in compliance with EUD Security Principle: Secure Consumer Management, and EUD Security Principle: Identity and Access Control.
AUTHENTICATION AND ACCESS CONTROL. The Supplier shall operate an access control regime to ensure all users and administrators of the Supplier Solution are uniquely identified and authenticated when accessing or administering the Services. Applying the ‘principle of least privilege’, users and administrators shall be allowed access only to those parts of the Supplier Solution they require. The Supplier shall retain an audit record of accesses.
AUTHENTICATION AND ACCESS CONTROL.
  • The platform must implement Multi-Factor Authentication (MFA) for all administrative accounts.
  • Role-based access control (RBAC) must be used to restrict access to critical functions and data.
  • The Service Provider must maintain secure session management practices, including automatic session timeouts and protection against session hijacking.
AUTHENTICATION AND ACCESS CONTROL. The Provider shall operate an access control regime to ensure: all users and administrators of the Provider System are uniquely identified and authenticated when accessing or administering the Services; and all persons who access the Sites are identified and authenticated before they are allowed access to the Sites. The Provider shall apply the ‘principle of least privilege’ when allowing persons access to the Provider System and Sites so that such persons are allowed access only to those parts of the Sites and the Provider System they require. The Provider shall retain records of access to the Sites and to the Provider System and shall make such record available to HSE on request. The Provider shall: prior to securely sanitising any HSE Data or when requested the Provider shall provide the Government with all HSE Data in an agreed format provided it is secure and readable; have documented processes to ensure the availability of HSE Data in the event of the Provider ceasing to trade; securely erase in a manner agreed with HSE any or all HSE Data held by the Provider when requested to do so by HSE and certify to HSE that it has done so unless and to the extent required by Law to retain it other than in relation to HSE Data which is owned or licenced by the Provider or in respect of which the Parties are either Independent Controllers or Joint Controllers; securely destroy in a manner agreed with HSE all media that has held HSE Data at the end of life of that media in accordance with any specific requirements in this Agreement and, in the absence of any such requirements, as agreed by HSE other than in relation to HSE Data which is owned or licenced by the Provider or in respect of which the Parties are either Independent Controllers or Joint Controllers; and implement processes which address the National Protective Security Authority and NCSC guidance on secure sanitisation.
AUTHENTICATION AND ACCESS CONTROL. I will abide by the IRC access processes set in the IRC Access and Usage Procedure.
