Acccess Control

Each user of the GCSx network must be allocated a unique User ID and reliably authenticated by means of a sufficiently complex password. This is defined as :

• 7 Characters minimum
• Alpha-numeric with a least one digit
• Changed periodically (60-90 days)
• Not reused within 20 password change

Anyone who uses the GCSx network must be cleared to at least 'Baseline Personnel Security Standard' level. A definitive guide to carrying out these checks can be found here.
References should be attached for new applicants along with other information relevant to security i.e. CRB check. (A CRB check should be undertaken if required by the role. It is not a requirement for GCSx).
CPNI have published a series of whitepapers regarding personnel security. They are available here.

---

Suggested Solutions

Encription

Password strengths and other access mechanisms are all tested as part of our penetration testing service To see what Tiger Certified Encription Limited can do on Access Controls give us a call 01905 754440 or go to http://encription.co.uk/public-sector.php

GrIDsure

GrIDsure's pattern based authentication provides a more secure login than passwords without requiring the use of tokens. An award winning technology that users find intuitive and accessible whilst providing the IT department with strong authentication that is easy to deploy and manage. Use scenarios include Remote Access, LAN Access and Web Access control. For more information visit www.gridsure.com

IBM

IBM Tivoli software provides a comprehensive solution to all access control requirements. More information can be found here

Sapphire

Sapphire can assist in advising on background checks in accordance with the Baseline Personnel Security Standard as well as ensuring that authentication mechanisms meet the requirements of the GSi community. This includes two factor authentication and web based secure remote access. For further information please email Coco Information or call 01642 702100.