ContentsIdentity and access managementExplicit identity management requirements (Art. 20 RTS RMF)What DORA now explicitly requiresImpact vs. BAIT/VAIT“Need-to-use” principle and strengthened access management (Art. 21 RTS RMF)1. The new principle: “need-to-use”2. Other access management requirements under DORA3. New recertification cycles4. Privileged & emergency access Identity and access management Explicit identity management requirements (Art. 20 RTS RMF) BaFin notes that BAIT/VAIT already implied identity management, but DORA now makes it an explicit, documented discipline. What DORA now explicitly requires Under Art. 20 RTS RMF, financial entities must have documented identity management guidelines and procedures that ensure: Impact vs. BAIT/VAIT “Need-to-use” principle and strengthened access management (Art. 21 … Continue reading Identity and access managementRead More →