User Account Management

Mitigation
ID: M1018
NIST SP 800-53 Rev. 4: AC-2
IEC 62443-3-3:2013: SR 1.3
IEC 62443-4-2:2019: CR 1.3

Description

Manage the creation, modification, use, and permissions associated with user accounts.


Techniques Addressed by Mitigation

| Name | Use |
| --- | --- |
| Data from Information Repositories | Ensure users and user groups have appropriate permissions for their roles through Identity and Access Management (IAM) controls to prevent misuse. Implement user accounts for each individual that may access the repositories for role enforcement and non-repudiation of actions. |
| External Remote Services | Consider utilizing jump boxes for external remote access. Additionally, dynamic account management may be used to easily remove accounts when not in use. |
| Modify Alarm Settings | Limit privileges of user accounts and groups so that only designated administrators or engineers can interact with alarm management and alarm configuration thresholds. |
| Service Stop | Limit privileges of user accounts and groups so that only authorized administrators can change service states and configurations. |
| Valid Accounts | Ensure users and user groups have appropriate permissions for their roles through Identity and Access Management (IAM) controls. Implement strict IAM controls to prevent access to systems except for the applications, users, and services that require access. Implement user accounts for each individual for enforcement and non-repudiation of actions. |