
White Paper (Draft)

[Project Description] Privileged Account Management: Securing Privileged Accounts for the Financial Services Sector

Date Published: October 2017
Comments Due: November 13, 2017 (public comment period is CLOSED)
Email Questions to: financial_nccoe@nist.gov


Jim Banoczi (NIST), Harry Perper (MITRE), Susan Prince (MITRE)


Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) focusing on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management, and service accounts. These powerful accounts provide elevated, often non-restricted access to the underlying IT resources and technology, which is why attackers or malicious insiders seek to gain access to them. Hence, it is critical to monitor, audit, control, and manage privileged account usage. Many organizations, including financial sector companies, face challenges managing privileged accounts. In response to this potential threat, the Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool (CAT) has specified that privileged accounts be tightly controlled.

The goal of this project is to demonstrate a PAM capability that effectively protects, monitors, and manages privileged account access, including life cycle management, authentication, authorization, auditing, and access controls. This project will result in a freely available NIST Cybersecurity Practice Guide that includes a reference design, a fully implemented example solution, and a detailed guide of practical steps needed to implement the solution.



access control; auditing; authentication; authorization; life cycle management; multifactor authentication; PAM; Privileged Account Management; provisioning management
Control Families

None selected


Draft Project Description

Supplemental Material:
Submit Comments (other)
Project Homepage (other)

Related NIST Publications:
SP 1800-18 (Draft)

Document History:
10/12/17: White Paper (Draft)