Controls

Access Management

| STATUS | CONTROL | DESCRIPTION |
|---|---|---|
| Compliant | Access Provisioning and Deprovisioning | Access changes require manager or security team approval. Access is provisioned during onboarding and promptly revoked upon role change or termination. |
| Compliant | Multi-Factor Authentication (MFA) | MFA is required for all critical systems, production environments, and SSO. Approved methods include authenticator apps, hardware tokens, and push notifications. |
| Compliant | Password Management | The organization enforces password policies covering length, complexity, and rotation requirements. A password manager is used to securely store and generate credentials. |
| Compliant | Privileged Access Management | Access to critical systems and production data requires case-by-case approval. Privileged access is temporary, audited, and granted only through secured channels. |
| Compliant | Role-Based Access Control (RBAC) | Access to systems and applications is granted based on the user's job role, following the principle of least privilege. |
| Compliant | Access Reviews | User access rights are reviewed at least quarterly. Unnecessary or excessive permissions are promptly revoked to maintain least-privilege access. |
| Compliant | Single Sign-On (SSO) | The organization uses SSO for internal systems to centrally manage user identities and access across all business applications. |