ABSTRACT

The controls specified in this chapter are the technical controls, that is, the controls that govern the ongoing technical mechanisms affecting security. The access control (AC) family can in some ways be viewed as the primary focus of information security for its first several decades. It is the most tested area of information security, and it uncovers how well the security policies have been implemented. The AC family also promotes technical controls that lock an account when someone repeatedly attempts to access it and fails. System notification messages should be made available when the user logs in to the system, as well as at other entry points, such as logging on to a server. The security architecture needs to be reviewed to determine the appropriate access between servers, applications, placement of devices, and network zones.