Controls

Terug naar overzicht
Version

SB.13.003 Privileged Access

Medium
Medium
Medium
Privileged Access Management
System Owner
v2.0 (Q1 2024)

Description

Privileged Access involves all user access that exposes more functionality than regular users have on any layer of the IT service infrastructure. Authorisations for privileged access are required to follow Least Privilege (just-enough admin).

Privileged Access is just-in-time, meaning it is only used for when needed and regular user actions are not performed using the privileged account.

Privileged access is demonstrably limited to authorised personnel, an authorisation matrix is available for this access.

Specification

Authorisation is based on separation of duties and least privilege. Applications must apply separation of duties. Roles are defined based on tasks, responsibilities and privileges. Extra attention must be paid to accounts with the highest privileges.

Privileged assets are managed using a PAM tool. Changes are administered using a CMS/ITIL tool.

Templates and references