Description: List ALL privileged access and execute an attestation campaign that provides visibility into, and verification of, privileged access.
Benefit: Reduces the risk of breach due to excessive access. Provides visibility and verification of “who has access to what” for privileged access accounts, and verifiable evidence for auditors.
Security Frameworks
NIST Cybersecurity Framework 1.1
- PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
- PR.AC-3: Remote access is managed
- PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
Implementation Approaches
Title | Automated Attestation Campaign for Privileged Accounts |
Technology Components | Privileged Access Management (PAM); Identity Governance and Administration (IGA) |
Description | PAM solutions and IGA solutions identify a list of shared and individual privileged accounts and people or services who have access to those accounts. IGA executes a periodic and automated attestation campaign. Any de-provisioning results will be automatically handled by IGA where possible and passed to PAM as necessary. |
Pre-requisites | PAM is integrated with IGA where privileged accounts/entitlements are monitored; Automated (periodic or event-triggered) attestation campaigns are generated; IGA communicates with PAM for any necessary remediation in PAM and PAM-managed resources |
Supporting Member Companies | BeyondTrust, Centrify, CyberArk, Fischer Identity, Omada, Remediant, SailPoint, Saviynt, SecZetta |
Title | Manual Reporting and Attestation |
Technology Components | Privileged Access Management (PAM) |
Description | A report from the PAM solution is manually sent to the manager for attestation, and manual remediation is applied. |
Pre-requisites | Privileged accounts/entitlements can be reported from PAM; Process is in place to generate these reports periodically for reviews; Process is in place for reviewers to provide feedback; Manual deprovisioning of privileged accounts/entitlements is carried out per reviewers’ inputs |
Supporting Member Companies | BeyondTrust, Centrify, CyberArk, Fischer Identity, Omada, Remediant |