Privileged Account Management
Jump to navigation Jump to search
|Privileged Account Management|
|NIST SP 800-53 Rev. 4||AC-2|
|IEC 62443-3-3:2013||SR 1.3|
|IEC 62443-4-2:2019||CR 1.3|
Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.
Techniques Addressed by Mitigation
|Data Destruction||Minimize permissions and access for service accounts to limit the information that may be impacted by malicious users or software.1|
|Data from Information Repositories||Minimize permissions and access for service accounts to limit the information that may be exposed or collected by malicious users or software.1|
|Exploit Public-Facing Application||Use least privilege for service accounts.21|
|Exploitation of Remote Services||Minimize permissions and access for service accounts to limit impact of exploitation.2|
|Network Sniffing||Restrict root or administrator access on user accounts to limit the ability to capture promiscuous traffic on a network through common packet capture tools.1|
|Valid Accounts||Audit domain and local accounts and their permission levels routinely to look for situations that could allow an adversary to gain system wide access with stolen privileged account credentials.34 These audits should also identify if default accounts have been enabled, or if new local accounts are created that have not be authorized. Follow best practices for design and administration of an enterprise network to limit privileged account use across administrative tiers.5|
- National Institute of Standards and Technology. (2013, April). Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved September 17, 2020.
- Keith Stouffer. (2015, May). Guide to Industrial Control Systems (ICS) Security. Retrieved March 28, 2018.
- Microsoft. (2017, May). Attractive Accounts for Credential Theft. Retrieved September 25, 2020.
- Microsoft. (2018, August). Implementing Least-Privilege Administrative Models. Retrieved September 25, 2020.
- Microsoft. (2019, February). Active Directory administrative tier model. Retrieved September 25, 2020.