they are and how you can tell them apart are important to know. Make sure you keep an eye on the safety factors. In 4.2, redundant power, warranty, and support have been added to the list in the first item on hardware operation. Third-party connection is new in 4.3; it deals with third parties connecting to your network to do work or consume data and services.
Identity and Access Management
○ In 5.1, a new item for applications was added to managing access to assets. Previously, applications were not included.
○ JIT (just-in-time) is introduced in 5.2.
○ In 5.3, a new item was added for hybrid implementations of federated identity with a third-party service. A hybrid federated identity environment combines some on-premises and some cloud-based solutions.
○ An item for risk-based access control was included in 5.4. Risk-based access control assesses the individual risk associated with each user’s authentication to determine what measures should be taken. For example, with low-risk authentication, no action is required. MFA, on the other hand, may be necessary in cases of high-risk authentication.
○ Provisioning and deprovisioning have been expanded to cover transfers in 5.5. New role and privilege escalation elements have also been added (managed service accounts, use of sudo, and minimizing its use).
○ OpenID Connect, SAML, Kerberos, RADIUS, and TACACS+ are all covered in 5.6, which is completely new.
Security and Assessment Testing
○ Two new items were introduced to the testing of security controls in 6.2: breach attack simulations and compliance checks. A high-level description of each of these topics is expected.
○ Remediation, exception management, and ethical disclosure have been added to 6.4. Make sure you’re aware of the differences between them.
Security Operations