Privileged user accounts explicitly authorised to access online services are strictly limited to only what is required for users and services to undertake their duties.
Topic
Privileged access to systems
Applicable to
all
History
Sep 2024
Privileged user accounts explicitly authorised to access online services are strictly limited to only what is required for users and services to undertake their duties.
References to ‘privileged accounts’ were changed to ‘privileged user accounts’ in order to more closely match Microsoft Active Directory account types (i.e. ‘users’ and ‘computers’). Note, the definition of privileged accounts (which referred to such accounts as being a combination of privileged user accounts and privileged service accounts) has been removed. Privileged service accounts are now treated as a subset of privileged user accounts.
Dec 2023
Privileged accounts explicitly authorised to access online services are strictly limited to only what is required for users and services to undertake their duties.
A new control recommending privileged accounts explicitly authorised to access online services be strictly limited to only what is required for users and services to undertake their duties was added. [ISM-1883]