What does privilege have to do with your agency’s security controls? The fact is that most data breaches start with privilege abuse. Think Edward Snowden. In the wake of his leaks, the NSA pledged to reduce system administrator privileges by 90%. Then there are outsiders. Most recent federal data breaches originate from attackers who exploited the login accounts of employees or contractors to gain access to sensitive data.
The trouble with both scenarios is that many users have more access than they need to perform their job functions. Of course, restricting privileges is only part of the solution. Users who hold privileges also need to be monitored and audited. Controls and monitoring are also a key part of federal regulations and standards such as NIST SP 800-53, NIST SP 800-39 and NIST SP 800-137.
Best practice calls for least privilege to manage access, protect against inappropriate privileged operations, and immediately act against abuse. But how do you accomplish all of that?
In this whitepaper, "What is Privilege Management and Where Do You Start?", DLT partner BeyondTrust offers some best practices:
First, start by asking yourself some information security governance questions:
1. What is my stuff, and who do I trust to have special/privileged access to my company’s stuff?
2. Why should I trust them?
3. How do I make sure that they can maintain my trust?
4. What action should I take if that trust is broken?
BeyondTrust then goes on to offer tips for building out a privileged access management (PAM) program and layering it on top of your systems, operations, and data center.
Then check out how you can ensure your chosen approach meets federal compliance and risk management requirements for controls and monitoring, including NIST, FISMA, FIPS, and NIST RMF.