Project Description (Initial Public Draft)

Privileged Account Management: Securing Privileged Accounts for the Financial Services Sector

Date Published: October 2017
Comments Due: November 13, 2017 (public comment period is CLOSED)
Email Questions to: financial_nccoe@nist.gov

Author(s)

Jim Banoczi (NIST), Harry Perper (MITRE), Susan Prince (MITRE)

Announcement

Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) focusing on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management, and service accounts. These powerful accounts provide elevated, often non-restricted access to the underlying IT resources and technology, which is why attackers or malicious insiders seek to gain access to them. Hence, it is critical to monitor, audit, control, and manage privileged account usage. Many organizations, including financial sector companies, face challenges managing privileged accounts. In response to this potential threat, the Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool (CAT) has specified that privileged accounts be tightly controlled.

The goal of this project is to demonstrate a PAM capability that effectively protects, monitors, and manages privileged account access, including life cycle management, authentication, authorization, auditing, and access controls. This project will result in a freely available NIST Cybersecurity Practice Guide that includes a reference design, a fully implemented example solution, and a detailed guide of practical steps needed to implement the solution.

Keywords

auditing; authentication; authorization; life cycle management; multifactor authentication; PAM; Privileged Account Management; access control; provisioning management

Control Families

None selected

Documentation

Publication:
Draft Project Description (pdf)

Supplemental Material:
Project homepage

Related NIST Publications:
SP 1800-18 (Draft)

Document History:
10/12/17: Project Description (Draft)