User Account Management

Manage the creation, modification, use, and permissions associated to user accounts.

ID: M0918
Security Controls: IEC 62443-3-3:2013 - SR 1.3, IEC 62443-4-2:2019 - CR 1.3, NIST SP 800-53 Rev. 5 - AC-2
Version: 1.0
Created: 06 June 2019
Last Modified: 20 September 2023

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0811 Data from Information Repositories

Ensure users and user groups have appropriate permissions for their roles through Identity and Access Management (IAM) controls to prevent misuse. Implement user accounts for each individual that may access the repositories for role enforcement and non-repudiation of actions.

ICS T0822 External Remote Services

Consider utilizing jump boxes for external remote access. Additionally, dynamic account management may be used to easily remove accounts when not in use.

ICS T0838 Modify Alarm Settings

Limit privileges of user accounts and groups so that only designated administrators or engineers can interact with alarm management and alarm configuration thresholds.

ICS T0886 Remote Services

Limit the accounts that may use remote services. Limit the permissions for accounts that are at higher risk of compromise; for example, configure SSH so users can only run specific programs.

ICS T0881 Service Stop

Limit privileges of user accounts and groups so that only authorized administrators can change service states and configurations.

ICS T0859 Valid Accounts

Ensure users and user groups have appropriate permissions for their roles through Identity and Access Management (IAM) controls. Implement strict IAM controls to prevent access to systems except for the applications, users, and services that require access. Implement user accounts for each individual for enforcement and non-repudiation of actions.