Controls

Terug naar overzicht
Version

SB.7.003 Local privileged accounts

Endpoint Security
Medium
Medium
Medium
Organisation
v2.0 (Q1 2024)

Description

Regular end-users do not have privileged access to endpoints continuously, including but not limited to the ability to modify organisationally managed system settings, changes to environment variables, directly modify the registry, modify files in system directories or install programs.

Only users that have a demonstrable need for a local privileged account to perform their work activities can have access to a local privileged account. This access adheres to the privileged access controls, including just-in-time and just-enough admin.

These privileges are registered together with the reason why and the approver.

Specification

  • Privileged setting and features cannot be controlled using a non-privileged account.
  • Approved business applications are deployed through a centrally managed solution.
  • User workstations have protections to prevent them from leaving the organisational domain.
  • Privileged settings and features cannot be controlled using a non-privileged account.

Specification

ISO

- Privileged setting and features cannot be controlled using a non-privileged account
- Approved business applications are deployed through a centrally managed solution.
- User workstations have protections to prevent them from leaving the organizational domain.
- Privileged setting and features cannot be controlled using a non-privileged account.

NBA