User accounts are provisioned with the minimum privileges required.
Topic
Microsoft Active Directory Domain Services account hardening
Applicable to
all
History
Sep 2024
User accounts are provisioned with the minimum privileges required.
The existing control relating to service accounts being provisioned with the minimum privileges required and not being members of the Domain Admins security group, or similar highly-privileged security groups, was split into two separate controls. (ISM-1833, ISM-1940)
Mar 2023
Service accounts are provisioned with the minimum privileges required and are not members of the domain administrators group or similar highly privileged groups.
Thirteen new controls were added covering Microsoft AD DS account hardening.