
ECPA-1 Privileged Account Control


Overview

All privileged user accounts are established and administered in accordance with a role-based access scheme that organizes all system and network privileges into roles (e.g., key management, network, system administration, database administration, web-administration). The IAM tracks privileged role assignments.

MAC / CONF: MACI, MACII, MACIII
Impact: High
Subject Area: Enclave Computing Environment

Details

Threat
An organization’s network and the integrity of stored information are at risk if the control of actions, functions, applications and operations of legitimate users are not managed with a role-based access scheme.  The unnecessary allocation and use of system privileges significantly increases the vulnerability of systems.  Role-based systems are designed to minimize the potential for inside security violations by providing greater control over users' access to information and resources.  Also, by assigning individuals to predefined roles, the administrative process of establishing privileges is streamlined and management time for reviewing privilege assignments is reduced.

Guidance
1. An analysis of how an organization operates shall be accomplished for the basis of defining user roles and privileges.
2. Systems shall employ a role-based access scheme that enforces separation of duties and network privileges.
3. Privileged user accounts (administrators, root/super users on UNIX, routers and LAN servers, SANs, etc.) shall be limited to the absolute minimum number needed to manage the system, and the IAM shall document all privileged role assignments.
4. Privileged user accounts shall be limited to the minimum number of privileges needed to perform their assigned duties.
5. Where technically possible, privileged users should initially log on with a personal user ID and only be granted privileged access by way of group assignment.
6. Privileged and guest accounts shall be renamed from any default.

References

  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 25 March 2003
  • NSA Guide to Securing Windows 2000 – Policy Toolsets, 05 March 2003
  • NSA Guide to Securing Windows XP, 22 October 2004
  • DISA Unix STIG, Version 4, Release 4, 15 September 2003
  • DISA UNISYS STIG, 22 July 2003
  • NSA Windows 2000 Security Recommendations Guide, 16 January 2004
  • NSA Windows NT Security Recommendations Guide, 18 September 2001
  • DISA Database STIG, Version 7, Release 1, 29 October 2004
  • http://csrc.nist.gov/rbac/