ISM-1650

Privileged user account and security group management events are centrally logged.

Topic: Privileged access to systems
Applicable to: all

History

Sep 2024
Privileged user account and security group management events are centrally logged.
A reference to Microsoft Active Directory ‘groups’ was changed to ‘security groups’ in order to more closely match Microsoft Active Directory terminology.
Sep 2024
Privileged user account and security group management events are centrally logged.
References to ‘privileged accounts’ were changed to ‘privileged user accounts’ in order to more closely match Microsoft Active Directory account types (i.e. ‘users’ and ‘computers’). Note, the definition of privileged accounts (which referred to such accounts as being a combination of privileged user accounts and privileged service accounts) has been removed. Privileged service accounts are now treated as a subset of privileged user accounts.
Dec 2023
Privileged account and group management events are centrally logged.
The existing control relating to the centralised storage of privileged account and group management event logs was merged into the existing control relating to collecting privileged account and group management event logs. [ISM-1650, ISM-1652]
Dec 2022
Privileged account and group management events are logged.
Existing controls relating to event logging were amended to increase clarity of intent and to reduce duplication of content. As a result, common guidance was consolidated into the event logging and monitoring section of the Guidelines for System Monitoring.