Implement Continuous Verification for All Requests

This standard mandates the implementation of continuous verification for all requests to ensure no request is trusted by default, regardless of its origin.

1. Implement Continuous Verification for All Requests:

No request should be trusted by default, regardless of its origin. This approach ensures that all requests are verified, reducing the risk of unauthorised access.

• 1.1 Real-Time Identity Validation:
  • 1.1.1 Contextual Access Policies:
    • Use real-time identity validation with contextual access policies.
    • Automate the configuration of real-time identity validation.
  • 1.1.2 Validation Management:
    • Automate the tracking of validation results.
    • Implement validation tutorials.
• 1.2 Device Posture Checks:
  • 1.2.1 Access Granting:
    • Implement device posture checks before granting access.
    • Automate the execution of device posture checks.
  • 1.2.2 Check Management:
    • Automate the tracking of device posture check results.
    • Implement check feedback collection.
• 1.3 Continuous Authentication and Authorisation:
  • 1.3.1 Request Verification:
    • Ensure all requests undergo continuous authentication and authorisation.
    • Automate the continuous authentication process.
  • 1.3.2 Verification Management:
    • Automate the tracking of authorisation results.
    • Implement verification tutorials.

By implementing continuous verification, organisations can ensure that all requests are validated.

---