Privileged Password Management: Step by Step
Much has been written about the benefits of Privileged Password Management (including by me) and the risks that it addresses, but there may be a lack of a definitive definition of what that is. I will try to solve that right now.
Privileged Password Management is the lifecycle management of the passwords for privileged accounts. This includes accounts such as “root” on Linux and “Administrator” on Windows.
Step 2. Identify the Proper Users
Again, a good starting point is Item 36 (Listing of personnel and vendors with special access privileges to administer operating systems, networks, and applications) on the “IT Items Needed” section of the NCUA IT Questionnaires Workbook. This will list all of the people who have the requirement for access to Privileged Accounts.
4. Define the Review Procedures and Timeframes
The review procedures should include at least the following: