L.12 Define and implement a policy to manage the access rights of user accounts. M.06 Ensure the organisation has identified asset owners and asset owners control access to their assets. L.07 Define and implement a policy to control access to information and information processing facilities. Note that while the controls are defined based on the risks associated with the contract (Low, Medium or High), Thales’s solutions apply across similar controls simultaneously, and are therefore consolidated below. Thales provides data security solutions that help address these controls, as indicated. DEF STAN 05-138, which specifies the measures that defence suppliers are required to achieve at each of the five levels of cyber risk that a contract can be assessed as carrying, includes several controls specific to the protection of sensitive information, as outlined below.
