Computer Security Resource Center

White Paper (DRAFT)

[Project Description] Privileged Account Management: Securing Privileged Accounts for the Financial Services Sector

Date Published: October 2017
Comments Due: November 13, 2017 (public comment period is CLOSED)
Email Questions to: financial_nccoe@nist.gov

Author(s)

Jim Banoczi (NIST), Harry Perper (MITRE), Susan Prince (MITRE)

Announcement

Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) that focuses on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management accounts, and service accounts. These powerful accounts provide elevated, often unrestricted access to the underlying IT resources and technology, which is why attackers and malicious insiders seek to gain access to them. Hence, it is critical to monitor, audit, control, and manage privileged account usage. Many organizations, including financial sector companies, face challenges in managing privileged accounts. In response to this threat, the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) has specified that privileged accounts be tightly controlled.

The goal of this project is to demonstrate a PAM capability that effectively protects, monitors, and manages privileged account access, including life cycle management, authentication, authorization, auditing, and access controls. This project will result in a freely available NIST Cybersecurity Practice Guide that includes a reference design, a fully implemented example solution, and a detailed guide to the practical steps needed to implement the solution.

Keywords

access control; auditing; authentication; authorization; life cycle management; multifactor authentication; PAM; Privileged Account Management; provisioning management