Privileged user accounts (excluding those explicitly authorised to access online services) are prevented from accessing the internet, email and web services.
Topic
Privileged access to systems
Applicable to
all
History
Priority
must
Sep 2024
Privileged user accounts (excluding those explicitly authorised to access online services) are prevented from accessing the internet, email and web services.
References to ‘privileged accounts’ were changed to ‘privileged user accounts’ in order to more closely match Microsoft Active Directory account types (i.e. ‘users’ and ‘computers’). Note, the definition of privileged accounts (which referred to such accounts as being a combination of privileged user accounts and privileged service accounts) has been removed. Privileged service accounts are now treated as a subset of privileged user accounts.
Dec 2023
Privileged accounts (excluding those explicitly authorised to access online services) are prevented from accessing the internet, email and web services.
The existing controls relating to privileged user accounts and privileged service accounts being prevented from accessing the internet, email and web services were merged. Furthermore, the merged control was amended to include an exclusion to allow for explicitly authorised privileged accounts to access online services. [ISM-1175, ISM-1653]
2017
Agencies must prevent users from using privileged accounts to read emails, openattachments, browse the web or obtain files via internet services such as instant messagingor social media.
Control Text Changed. No public explaination.
2015
Agencies must prevent users from using privileged accounts to access the Internet and email.