 NSTSSI Security Education Standards |
| NSTSSI Security Education Standards |
4. ACCESS
a. Access Concepts
(1) define the term "access";
(2) identify who can issue access authorization;
(3) discuss how access levels are determined;
(4) explain how privileges are derived from the risk management process;
(5) define the term "least privilege";
(6) explain the concept of discretionary access control; and
(7) explain the concept of mandatory access control.
b. Access Control Measures
(1) explain the purpose of access control rosters and list-based access controls as means of
discretionary access control;
(2) discuss the function of access control software;
(3) discuss the purpose of role-based access controls; and
(4) state the criteria for rules-based access controls.
c. Access Tools
(1) explain how biometrics mediate access;
(2) compare the concept of access mode to attributes;
(3) determine responsibilities associated with password management;
(4) state the purpose of one-time passwords;
(5) explain the concept of single sign-on;
(6) discuss issues of smart card/token authentication;
(7) identify personnel responsible for clearance verification; and
(8) define the term "access period."