Identity and access management

EUCSEC04: How do you separate end user systems to meet your organization's policies?

When implementing EUC services, your organization may have requirements to separate compute devices accessed directly by end users from others used for infrastructure applications.

EUCSEC05: How do you manage application entitlements in your EUC environments?

Users should be entitled to access individual applications rather than provided access to all applications on end user systems. Apply this in a consistent way so that there is a minimal chance of operational failure or accidental granting of full access to all applications.

EUCSEC06: How do you authenticate and authorize access to your end user applications?

Strong and consistent authentication and authorization are key to the secure operation of an end user system to help prevent unauthorized access. Authentication using multiple factors may be a requirement, and the authentication system in use should satisfy this requirement.

Best practices

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

EUCSEC03-BP01 Restrict user permissions to the minimum required to perform their role

EUCSEC04-BP01 Separate end user systems between different groups of users when required to satisfy policy or regulatory requirements