Access Control Requirement

Definitions

Access Control Requirement

any security requirement that specifies a required amount of the quality factor access control

Objectives

The typical objectives of a access control requirement are to:

• Ensure that access by users and client applications is controlled:
  1. Ensure that users and client applications are identified.
  2. Ensure that their identities are properly verified.
  3. Ensure that users and client applications can only access data and services for which they have been properly authorized.

Types

The following are different types of access control requirements:

• Identification Requirements
• Identification Requirements
• Authentication Requirements

Guidelines

The following guidelines have been found to be useful when producing access control requirements:

• The scope of an access control requirement can be:
  • A business enterprise
  • An application
  • A component
  • A center
• Do not analyze and specify access control requirements with use cases. A very common requirements mistake is to specify the use of user identifiers and associated passwords with design-level logon use cases.
• Use misuse cases to perform security threat analysis and security use cases to analyze and specify security requirements.