NSTSSI Security Education Standards |
4. ACCESS a. Access Concepts (1) define the term "access"; (2) identify who can issue access authorization; (3) discuss how access levels are determined; (4) explain how privileges are derived from the risk management process; (5) define the term "least privilege"; (6) explain the concept of discretionary access control; and (7) explain the concept of mandatory access control. b. Access Control Measures (1) explain the purpose of access control rosters and list-based access controls as means of discretionary access control; (2) discuss the function of access control software; (3) discuss the purpose of role-based access controls; and (4) state the criteria for rules-based access controls. c. Access Tools (1) explain how biometrics mediate access; (2) compare the concept of access mode to attributes; (3) determine responsibilities associated with password management; (4) state the purpose of one-time passwords; (5) explain the concept of single sign-on; (6) discuss issues of smart card/token authentication; (7) identify personnel responsible for clearance verification; and (8) define the term "access period."