Title Page
-
Site conducted
-
Conducted on
-
Prepared by
Data Collection & Analysis Phase
List Privileged Accounts
-
Compile a list of all privileged accounts, both human and non-human (e.g., service accounts).
-
What were the issues?
-
Upload List of Privileged Accounts in ControlMap
Current Permission Sets
-
Identify the scope and depth of each privileged user's access rights.
-
What were the issues?
Credential Management
-
Review how credentials for these accounts are stored, managed, and rotated.
-
What were the issues?
Need for Privilege
-
Confirm if the current level of privilege is necessary for the assigned roles.
-
Why not?
-
Inactive Accounts
-
Identify any privileged accounts that are dormant but still have high-level access.
-
What inactive accounts still had access?
-
Separation of Duties
-
Confirm that duties and access are appropriately separated to prevent conflicts of interest or fraud.
-
What were the issues and what was done about them?
-
Review & Remediation Phase
Technical Validation
-
Have IT security validate the appropriateness of the access levels.
-
Were any issues found?
-
What was found?
Business Validation
-
Get sign-off from senior managers or business owners for the current level of privileged access.
De-Provision
-
Remove unnecessary privileged accounts or downgrade to lower access levels.
-
Why?
-
What account was de-provisioned?
Adjust Permissions
-
Correct over-permissions or under-permissions based on the review findings.
-
What permissions were adjusted?
-
Why?
User Training
-
Re-train users who will continue to have privileged access about the responsibilities and risks involved.
-
Why not needed?
-
What users were re-trained?
Credential Updates
-
Update or rotate credentials for remaining privileged accounts.
-
Why were credentials not updated?
-
What credentials were updated?