Restrictions to access should be based on individual business application requirements. The access control policy should also be consistent with the organizational access policy.
The following guidelines should be considered to support access restriction requirements:
- Providing menus to control access to application system functions
- Controlling the access rights of users, e.g. read, write, delete, and execute
- Controlling access rights of other applications
- Ensuring that outputs from application systems handling sensitive information contain only the information relevant to the use of the output and are sent only to authorized terminals and locations; this should include periodic reviews of such outputs to ensure that redundant information is removed
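The four guidelines above can be enforced in one place in an application. The sketch below is an added example, not part of the original guidance; the principals, functions, field names, destinations and all helper names are constructed for illustration.

```python
from enum import Flag

class Right(Flag):
    READ = 1
    WRITE = 2
    DELETE = 4
    EXECUTE = 8

# Constructed sample policy: rights per principal (users and other applications).
ACL = {
    ("user:alice", "payroll"): Right.READ | Right.WRITE,
    ("user:alice", "batch_run"): Right.EXECUTE,
    ("user:bob", "payroll"): Right.READ,
    ("app:reporting", "payroll"): Right.READ,
}
# Menu entry -> (application function, right needed to use it).
MENU = {
    "View payroll": ("payroll", Right.READ),
    "Edit payroll": ("payroll", Right.WRITE),
    "Purge payroll": ("payroll", Right.DELETE),
    "Run batch": ("batch_run", Right.EXECUTE),
}
# Output profile: source function, fields relevant to the use, authorized destinations.
OUTPUTS = {"payslip_summary": {
    "function": "payroll", "fields": ("employee_id", "net_pay"),
    "destinations": {"hr-printer-01", "hr-terminal-07"}}}
# Constructed sample record holding more than the output needs.
RECORD = {"employee_id": "E1001", "net_pay": 3120.5,
          "bank_account": "XX-0000", "home_address": "1 Example St"}

def allowed(principal, function, right):
    """Default deny: a principal with no ACL entry holds no rights."""
    return right in ACL.get((principal, function), Right(0))

def menu_for(principal):
    """Show only the menu entries the principal may actually use."""
    return [m for m, (fn, r) in MENU.items() if allowed(principal, fn, r)]

def render_output(principal, profile, record, destination):
    """Release only the profile's fields, and only to an authorized destination."""
    spec = OUTPUTS[profile]
    if not allowed(principal, spec["function"], Right.READ):
        raise PermissionError(f"{principal} may not read {spec['function']}")
    if destination not in spec["destinations"]:
        raise PermissionError(f"{destination} is not authorized for {profile}")
    return {k: record[k] for k in spec["fields"]}

def redundant_fields(profile, produced):
    """Periodic review aid: fields present in an output but not in its profile."""
    return set(produced) - set(OUTPUTS[profile]["fields"])
```

Hiding a menu entry is only a presentation control; `allowed` must still be called where the function itself executes, which is why `render_output` repeats the check.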