The Critical Security Controls for Effective Cyber Defense, published by the SANS Institute, were authored by federal government agencies, commercial forensics experts and penetration testers.
The Critical Security Controls give no-nonsense, highly actionable guidelines for securing IT – written in language that’s easily understood.
The controls consist of 20 sections, each describing a different critical security control.
Critical Security Control 12 – Controlled Use of Administrative Privileges
With the rise in data breaches attributed to unauthorized access to privileged accounts, most regulatory compliance initiatives now mandate proper controls for these powerful identities. The SANS guidelines are no exception. Critical Security Control 12 lists precisely the minimum controls necessary – and the actions you’ll need to take – to secure privileged credentials.
Enterprise Random Password Manager (ERPM) helps you achieve continuous compliance with Control 12 quickly by automating the process required to:
- Continuously inventory all privileged accounts – on all hardware and appliance platforms – including administrative logins, application-to-application passwords and service accounts.
- Programmatically change all default privileged logins present in operating systems, applications, appliances, and elsewhere to cryptographically complex values.
- Change all privileged passwords on intervals not longer than every 60 days.
- Enforce cryptographically complex, frequently changed passwords on service accounts.
- Store system passwords in an encrypted format, accessible only by authorized super users.
- Enforce least privilege so that privileged accounts are used only for system administration and never for activities requiring lesser privileges.
- Establish unique passwords for administrative and non-administrative accounts, so that no administrator password is shared with a lesser-privileged account.
- Enforce rules to prevent privileged password re-use.
- Audit the use of privileged logins and alert management to any unusual activity.
- Log, audit and alert whenever privileged accounts are added, deleted or changed.
- Require multi-factor authentication for privileged access.
- Avoid direct logins with administrative accounts; instead use proxies wherever possible.
- Protect and control privileged access to your systems and data by third parties.
- Segregate privileged accounts based on defined roles.
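Several of the controls above can be expressed as checks over a privileged-account inventory and an account-change log. The script below is an added example written for this page, not ERPM code: it runs the 60-day rotation check, the default-password check, the admin/non-admin password-sharing check and the privileged-group change alert over a small constructed inventory and event list; the record fields, group names and the `default-hash` marker are assumptions.

```python
from datetime import date, timedelta

MAX_PASSWORD_AGE = timedelta(days=60)          # rotation interval from Control 12
DEFAULT_PASSWORD_HASHES = {"default-hash"}     # assumed: hashes of known vendor defaults
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}
REPORT_DATE = date(2024, 3, 15)                # constructed "today" for the run

# Constructed inventory (not real data). pw_hash stands in for the vault's salted
# hash; two records with the same value simply share a password.
INVENTORY = [
    {"host": "db01", "account": "root", "type": "admin", "pw_hash": "h1", "changed": date(2024, 1, 5)},
    {"host": "app01", "account": "svc_backup", "type": "service", "pw_hash": "default-hash", "changed": date(2024, 2, 1)},
    {"host": "app01", "account": "jsmith-adm", "type": "admin", "pw_hash": "h7", "changed": date(2024, 3, 1)},
    {"host": "app01", "account": "jsmith", "type": "user", "pw_hash": "h7", "changed": date(2024, 3, 1)},
]

# Constructed directory audit events (not real data).
EVENTS = [
    {"ts": "2024-03-15T02:13:00Z", "actor": "svc_deploy", "action": "member_added", "group": "Domain Admins", "target": "tmpuser"},
    {"ts": "2024-03-15T09:00:00Z", "actor": "jsmith-adm", "action": "member_added", "group": "Developers", "target": "newdev"},
]

def check_inventory(inventory, today):
    """Return (finding, host/account) pairs for the password controls."""
    findings = []
    by_hash = {}
    for rec in inventory:                      # index accounts by password hash once
        by_hash.setdefault(rec["pw_hash"], []).append(rec)
    for rec in inventory:
        label = f'{rec["host"]}/{rec["account"]}'
        privileged = rec["type"] in ("admin", "service")
        if privileged and today - rec["changed"] > MAX_PASSWORD_AGE:
            findings.append(("stale-password", label))        # older than 60 days
        if rec["pw_hash"] in DEFAULT_PASSWORD_HASHES:
            findings.append(("default-password", label))      # vendor default still set
        if rec["type"] == "admin":
            # admin password must not be reused by any lesser-privileged account
            shared = [r for r in by_hash[rec["pw_hash"]] if r is not rec and r["type"] != "admin"]
            if shared:
                findings.append(("shared-with-non-admin", label))
    return findings

def privileged_account_changes(events):
    """Events that add or remove members of a privileged group, for alerting."""
    return [e for e in events
            if e["group"] in PRIVILEGED_GROUPS and e["action"] in ("member_added", "member_removed")]

def run_checks():
    return check_inventory(INVENTORY, REPORT_DATE), privileged_account_changes(EVENTS)

if __name__ == "__main__":
    findings, alerts = run_checks()
    for kind, who in findings:
        print(f"FINDING {kind}: {who}")
    for e in alerts:
        print(f"ALERT {e['ts']} {e['actor']} {e['action']} {e['target']} -> {e['group']}")
```

In a real deployment the inventory and events would come from the vault and the directory audit log rather than from inline constants.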