Creation of new accounts with privileged authorisations, mutations in user groups through which privileged authorisations can be obtained, and changes in passwords for non-personal privileged accounts are approved.
Potential abuse cases for the (attempted) use of privileged authorisations are defined and monitoring is implemented for these cases. False positive situations are approved by the System Owner before being allowed.
Specification
An audit trail on privileged accounts is available. Approval is stored in a durable manner and kept for at least one year.
ISO 27001 & 27002:2022
A8.2, A8.5, A8.15
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
ID.03 Super users