IDSO-011: All privileged access is periodically attested

Description: List of ALL privileged access and execute an attestation campaign that will provide visibility and verification of privileged access.

Benefit: Reduce risk of breach due to too much access. Visibility and verification for “who has access to what” for privileged access accounts and provide verifiable evidence for auditors.

Watch the deep dive webinar to learn more about this security outcome.

Implementation Approaches

Security Frameworks

NIST Cybersecurity Framework 1.1

  • PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
  • PR.AC-3: Remote access is managed
  • PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
TitleAutomated Attestation Campaign for Privileged Accounts
Technology ComponentsPrivileged Access Management (PAM)
Identity Governance and Administration (IGA)
DescriptionPAM solutions and IGA solutions identify a list of shared and individual privileged accounts and people or services who have access to those accounts. IGA executes a periodic and automated attestation campaign. Any de-provisioning results will be automatically handled by IGA where possible and passed to PAM as necessary.
Pre-requisitesPAM is integrated with IGA where privileged accounts/entitlements are monitored
Automated (periodic or event-triggered) attestation campaigns are generated
IGA communicates with PAM for any necessary remediation in PAM and PAM-managed resources
Supporting Member CompaniesBeyondTrustCentrifyCyberArkFischer IdentityOmadaRemediantSailPointSaviyntSecZetta
TitleManual Reporting and Attestation
Technology ComponentsPrivileged Access Management (PAM)
DescriptionReport from PAM solution is manually sent to manager for attestation and manual remediation applied.
Pre-requisitesPrivileged accounts/entitlements can be reported from PAM
Process is in place to generate these reports periodically for reviews
Process is in place for reviewers to provider feedback
Manual deprovisioning of privileged accounts/entitlements is carried out per reviewers’ inputs
Supporting Member CompaniesBeyondTrustCentrifyCyberArkFischer IdentityOmadaRemediant


Let's work together to help everyone become more secure.