Privileged Account Management

Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.

ID: M0926
Security Controls: IEC 62443-3-3:2013 - SR 1.3, IEC 62443-4-2:2019 - CR 1.3, NIST SP 800-53 Rev. 4 - AC-2
Version: 1.0
Created: 06 June 2019
Last Modified: 06 May 2022

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0809 Data Destruction

Minimize permissions and access for service accounts to limit the information that may be impacted by malicious users or software. [1]

ICS T0811 Data from Information Repositories

Minimize permissions and access for service accounts to limit the information that may be exposed or collected by malicious users or software. [1]

ICS T0819 Exploit Public-Facing Application

Use least privilege for service accounts. [2] [1]

ICS T0866 Exploitation of Remote Services

Minimize permissions and access for service accounts to limit impact of exploitation. [2]

ICS T0842 Network Sniffing

Restrict root or administrator access on user accounts to limit the ability to capture promiscuous traffic on a network through common packet capture tools. [1]

ICS T0859 Valid Accounts

Audit domain and local accounts and their permission levels routinely to look for situations that could allow an adversary to gain system wide access with stolen privileged account credentials. [3] [4]These audits should also identify if default accounts have been enabled, or if new local accounts are created that have not be authorized. Follow best practices for design and administration of an enterprise network to limit privileged account use across administrative tiers. [5]

References