4.6.1 - The repository shall comply with Access Policies.
Supporting Text
This is necessary in order to ensure the repository has fully addressed all aspects of usage which might affect the trustworthiness of the repository, particularly with reference to support of the user community.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Statements of policies that are available to the user communities; information about user capabilities (authentication matrices); logs and audit trails of access requests; explicit tests of some types of access.
4.6.1.1 The repository shall log and review all access management failures and anomalies.
Supporting Text
This is necessary in order to identify security threats and access management system failures.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Access logs, capability of the system to use automated analysis/monitoring tools and generate problem/error messages; notes of reviews undertaken or action taken as a result of reviews.