Privileged Access Management

MFA for Privileged Access

Description Authentication for access using privileged accounts includes Multi-Factor Authentication. This can include Multi-Factor Authentication to get access to a network and subsequent strong cryptographic asymmetric keys for authentication. Devices...

Break Glass Procedure

Description There is a procedure to use Privileged Access Management in unpredicted and/or emergency situations when access to privileged accounts is required in unanticipated events (privileged or non-privileged). Passwords are...

Session Management for Privileged Access

Description Privileged Access to IT services is orchestrated through a Privileged Access Management (PAM) system. Actions taken using privileged accounts are logged or recorded. These actions are reviewed (either sample-based...

Separate Accounts for Privileged Access

Description Accounts for privileged users are separate from regular user accounts. If a user needs privileged functionality, a second (privileged) account will be created to keep the privileged and non-privileged...

Service Accounts

Description Service accounts are only used when necessary for system authentication (no association with natural persons) or system-to-system authentication. The purpose of a service account is always documented. Each unique...

Privileged Access

Description Privileged Access involves all user access that exposes more functionality than regular users have on any layer of the IT service infrastructure. Authorisations for privileged access are required to...

Access to admin interfaces

Description Administrative interfaces (other than application-level) are only accessible from an internal zone designated for administrative tasks. Access to this zone is secured via jumpservers. These jumpservers are used exclusively...

Segmenting authentication domains

Description A distinction must be made between security levels within the IT landscape when considering privileged access secret authentication information, where a logical distinction is made at least for user...