SB.13.003 Privileged Access
Privileged Access involves all user access that exposes more functionality than regular users have on any layer of the IT service infrastructure. Authorisations for privileged access are required to follow Least Privilege (just-enough admin).
Privileged Access is just-in-time, meaning it is used only when needed, and regular user actions are not performed using the privileged account.
Privileged access is demonstrably limited to authorised personnel; an authorisation matrix is available for this access.
Authorisation is based on separation of duties and least privilege. Applications must apply separation of duties. Roles are defined based on tasks, responsibilities and privileges. Extra attention must be paid to accounts with the highest privileges.
Privileged assets are managed using a PAM tool. Changes are administered using a CMS/ITIL tool.
Templates and references