Cloud Security Principles
Identity and Authentication
All access to service interfaces should be constrained to authenticated and authorised individuals.
NCSC - Identity and Authentication
Access to the service infrastructure is limited to authorised staff who require access for a specific documented purpose. There's more information in the Secure Service Administration section. Users have no direct access to the service infrastructure.
Access to the service management interface (iCM) is performed via HTTPS, can be federated with an existing identity provider, may be restricted to certain IP addresses, and requires a username and password with complexity rules you define.
Last modified on January 19, 2022