| ๐ผ 4.1 Have in place a process to create and approve user accounts | | | | |
| ๐ผ 4.2 Authenticate users with unique credentials before granting access to applications or devices | 4 | | | |
| ย ย ย ย ๐ผ 4.2.1 Passwords are protected against brute-force password guessing | | | | |
| ย ย ย ย ๐ผ 4.2.2 Use technical controls to manage the quality of passwords. | | 2 | 3 | |
| ย ย ย ย ๐ผ 4.2.3 Support users to choose unique passwords for their work accounts | | 1 | 1 | |
| ย ย ย ย ๐ผ 4.2.4 The password element of the multi-factor authentication | | 2 | 3 | |
| ๐ผ 4.3 Remove or disable user accounts when they're no longer required | | | | |
| ๐ผ 4.4 Implement MFA, where available | | | | |
| ๐ผ 4.5 Use separate accounts to perform administrative activities only | | | | |
| ๐ผ 4.6 Remove or disable special access privileges when no longer required | | | | |