ISO/IEC 27001 Control 8.33: Test information

Control

Test information should be appropriately selected, protected and managed.

Necessity of MidPoint

MidPoint's contribution to implementation of this control is marginal.

Implementation of the control is mostly outside the scope of identity governance and administration (IGA), so midPoint cannot provide a significant advantage. However, midPoint can still provide minor supporting information and functionality.

Implementation Overview

MidPoint provides supporting functionality for test information protection.

Implementation Details

MidPoint can control access to both the production environment and the testing environment in a consistent way, providing overall visibility. For example, policy rules can be used to find users who have access to both environments and are therefore able to copy production data to the test environment.

Implementation Notes

  • We strongly recommend applying security measures to development and test environments that are equivalent to those applied to production environments, which is also suggested by the control. MidPoint can be used to apply security and access control policies consistently across all environments.

  • While midPoint is designed to control the access of users to testing environments, midPoint in its current version is not designed for the management of testing data. That is, midPoint can manage the access of testers to a testing environment, but it is not meant to create accounts that are themselves testing data (e.g. customer accounts). Management of testing data would require special-purpose features, such as anonymization/pseudonymization and/or other forms of data masking to protect personal information. Some midPoint features can be used for this purpose when customized (e.g. mappings). However, such functionality is not provided out-of-the-box. See control 8.11 for more information.

Rationale

MidPoint provides general-purpose access control for all environments, which can provide supporting functionality for test information protection.
