BIO 05.01.01 ISO A.5.1

Terms Of Gebruiken Design

πŸ“… 2025-10-30
β€’
⏱️ 5 minuten lezen
β€’
🟒 Should-Have

πŸ’Ό Management Samenvatting

Terms of gebruiken policies forceren acceptance van acceptable gebruiken policies, privacy statements, en compliance agreements via voorwaardelijke toegang.

Aanbeveling
IMPLEMENTEER TERMS OF USE
Risico zonder
Low
Risk Score
4/10
Implementatie
12u (tech: 4u)
Van toepassing op:
βœ“ Azure AD
βœ“ voorwaardelijke toegang

Legal en compliance: Users moeten acceptable gebruiken policies accepteren voordat accessing corporate resources. Terms of gebruiken provide: (1) Legal enforceability - Documented acceptance met timestamp/IP, (2) Compliance - AVG privacy notice, Acceptable gebruiken Policy acknowledgment, (3) Re-acceptance - Force re-acceptance Wanneer policies change, (4) Differentiated terms - Different terms voor internal vs external users. voor guest access: Separate terms explaining data handling, acceptable use.

PowerShell Modules Vereist
Primary API: Microsoft Graph
Connection: Connect-MgGraph
Required Modules: Microsoft.Graph.Identity.Governance

Implementatie

Terms of gebruiken design: Maak aan ToU documents (Acceptable gebruiken Policy, Privacy Notice, Guest Access Terms), CA policies dwing af acceptance (Blokkeer access Totdat accepted), Re-acceptance intervals (annual review), Audit logt van acceptance events.

Vereisten

  1. Azure AD Premium P1
  2. Legal-approved ToU documents (PDF format)
  3. Conditional Access beleidsregels
  4. Documented re-acceptance schedule

Implementatie

Gebruik PowerShell-script terms-of-use.ps1 (functie Invoke-Remediation) – ToU deployment.

  1. Azure AD β†’ Terms of gebruiken β†’ Upload ToU PDFs
  2. Maak aan CA policy: Require ToU acceptance voordat access
  3. Different ToU voor guests vs employees
  4. Configureer re-acceptance: Annual

monitoring

Gebruik PowerShell-script terms-of-use.ps1 (functie Invoke-Monitoring) – Controleren.

  1. Acceptance logt (who, when, van where)
  2. Non-acceptances (blocked access)
  3. Re-acceptance compliance

Compliance en Auditing

  1. AVG - Privacy notice (informed consent)
  2. Acceptable gebruiken Policy enforcement
  3. Legal compliance - documented agreements

Remediatie

Gebruik PowerShell-script terms-of-use.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance & Frameworks

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell
<# .SYNOPSIS Terms of Use Design .DESCRIPTION Implementation for Terms of Use Design .NOTES Filename: terms-of-use.ps1 Author: Nederlandse Baseline voor Veilige Cloud Version: 1.0 Related JSON: content/design/identity/terms-of-use.json #> #Requires -Version 5.1 #Requires -Modules Microsoft.Graph [CmdletBinding()] param( [Parameter()][switch]$WhatIf, [Parameter()][switch]$Monitoring, [Parameter()][switch]$Remediation, [Parameter()][switch]$Revert ) $ErrorActionPreference = 'Stop' $VerbosePreference = 'Continue' $PolicyName = "Terms of Use Design" $BIOControl = "7.01" function Connect-RequiredServices { # Connection logic based on API } function Test-Compliance { Write-Verbose "Testing compliance for: $PolicyName..." $result = [PSCustomObject]@{ ScriptName = "terms-of-use" PolicyName = $PolicyName IsCompliant = $false TotalResources = 0 CompliantCount = 0 NonCompliantCount = 0 Details = @() Recommendations = @() } # Compliance check implementation # Based on: Design Document $result.Details += "Compliance check - implementation required based on control" $result.NonCompliantCount = 1 return $result } function Invoke-Remediation { Write-Host "`nApplying remediation for: $PolicyName..." -ForegroundColor Cyan # Remediation implementation Write-Host " Configuration applied" -ForegroundColor Green Write-Host "`n[OK] Remediation completed" -ForegroundColor Green } function Invoke-Monitoring { $result = Test-Compliance Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "$PolicyName" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "Total: $($result.TotalResources)" -ForegroundColor White Write-Host "Compliant: $($result.CompliantCount)" -ForegroundColor Green $color = if ($result.NonCompliantCount -gt 0) { "Red" } else { "Green" } Write-Host "Non-compliant: $($result.NonCompliantCount)" -ForegroundColor $color return $result } function Invoke-Revert { Write-Host "Revert: Configuration revert not yet implemented" -ForegroundColor Yellow } try { Connect-RequiredServices if ($Monitoring) { Invoke-Monitoring } elseif ($Remediation) { if ($WhatIf) { Write-Host "WhatIf: Would apply remediation" -ForegroundColor Yellow } else { Invoke-Remediation } } elseif ($Revert) { Invoke-Revert } else { $result = Test-Compliance if ($result.IsCompliant) { Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green } else { Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red } } } catch { Write-Error $_ }

Risico zonder implementatie

Risico zonder implementatie
Low: Users unaware policies = no documented acceptance. Legal enforceability weak. AVG privacy notice not acknowledged. Compliance: AVG Article 13. Het risico is medium - legal enforceability.

Management Samenvatting

Terms of Use: Conditional Access-enforced acceptance - Acceptable Use Policy (AUP), Privacy notice (AVG Article 13), Security policies, Data handling guidelines. Users must accept before access (documented consent). Re-acceptance periodic (policy updates). Vereist: Azure AD P1. Activatie: Entra ID β†’ CA β†’ Terms of Use β†’ Require acceptance. Gratis (P1 included). Verplicht AVG Article 13. Implementatie: 4-12 uur (legal review + policy creation + CA assignment). Legal enforceability + AVG compliance.