Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Project Description (Initial Public Draft)

Privileged Account Management: Securing Privileged Accounts for the Financial Services Sector

Date Published: October 2017
Comments Due: November 13, 2017 (public comment period is CLOSED)
Email Questions to: financial_nccoe@nist.gov

Author(s)

Jim Banoczi (NIST), Harry Perper (MITRE), Susan Prince (MITRE)

Announcement

Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) focusing on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management, and service accounts. These powerful accounts provide elevated, often non-restricted access to the underlying IT resources and technology which is why attackers or malicious insiders seek to gain access to them. Hence, it is critical to monitor, audit, control, and manage privileged account usage. Many organizations, including financial sector companies face challenges managing privileged accounts. In response to this potential threat, the Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool (CAT) has specified privileged accounts be tightly controlled.

The goal of this project is to demonstrate a PAM capability that effectively protects, monitors, and manages privileged account access to include their life cycle management, authentication, authorization, auditing, and access controls. This project will result in a freely available NIST Cybersecurity Practice Guide which includes a reference design, fully implemented example solution, and a detailed guide of practical steps needed to implement the solution.

Abstract

Keywords

auditing; authentication; authorization; life cycle management; multifactor authentication; PAM; Privileged Account Management; access control; provisioning management
Control Families

None selected

Documentation

Publication:
Draft Project Description (pdf)

Supplemental Material:
Project homepage

Related NIST Publications:
SP 1800-18 (Draft)

Document History:
10/12/17: Project Description (Draft)