ISM-0445

Privileged users are assigned a dedicated privileged user account to be used solely for duties requiring privileged access.

Topic
Privileged access to systems
Applicable to
all

History

Priority
must
Sep 2024
Privileged users are assigned a dedicated privileged user account to be used solely for duties requiring privileged access.
References to ‘privileged accounts’ were changed to ‘privileged user accounts’ in order to more closely match Microsoft Active Directory account types (i.e. ‘users’ and ‘computers’). Note, the definition of privileged accounts (which referred to such accounts as being a combination of privileged user accounts and privileged service accounts) has been removed. Privileged service accounts are now treated as a subset of privileged user accounts.
Sep 2023
Privileged users are assigned a dedicated privileged account to be used solely for duties requiring privileged access.
The essential eight applicability marking for the existing control relating to privileged users being assigned a dedicated privileged account to be used solely for duties requiring privileged access was updated to reflect that it maps to the restrict administrative privileges mitigation strategy within the Essential Eight Maturity Model.
2015
Agencies must restrict the use of privileged accounts by ensuring that:
• the use of privileged accounts are controlled and auditable
• system administrators are assigned a dedicated account to be used solely for the performance of their administration tasks
• privileged accounts are kept to a minimum
• privileged accounts are used for administrative work only
• passphrases for privileged accounts are regularly audited to check they meet passphrase selection requirements
• passphrases for privileged accounts are regularly audited to check the same passphrase is not being reused over time or for multiple accounts (particularly between privileged and unprivileged accounts)
• privileges allocated to privileged accounts are regularly reviewed.
2010
Agencies must:
• ensure the use of privileged accounts is controlled and accountable
• ensure system administrators are assigned an individual account for the performance of their administration tasks
• keep privileged accounts to a minimum
• allow the use of privileged accounts for administrative work only.