Question: Is privileged administrative access to infrastructure systems brokered, monitored, and periodically reviewed?
Objective — Why This Matters
Administrative privileges are the keys to the kingdom: one compromised or misused admin credential can reach every system that trusts it. Brokering access through a named, approved path and monitoring what is done with it limits the opportunity for insider misuse, makes stolen credentials harder to use unnoticed, and produces the accountability trail (who, what, when, approved by whom) that incident response and audits depend on.
Maturity Levels (0 – 5)
Level 0 – Shared admin passwords; no tracking.
Level 1 – Manual approvals; partial logging.
Level 2 – Named admin accounts; periodic reviews.
Level 3 – Jump-host or PAM solution deployed; session recording.
Level 4 – JIT access, MFA, and SIEM integration.
Level 5 – Adaptive privilege analytics with automatic revocation.
How to Level Up
| From → To | Actions |
|---|---|
| 0 → 1 | Prohibit shared credentials; track admin actions manually. |
| 1 → 2 | Create named accounts; enforce strong authentication. |
| 2 → 3 | Implement PAM or jump host with session logging. |
| 3 → 4 | Add JIT elevation and SIEM alerts. |
| 4 → 5 | Introduce analytics for privilege anomalies and auto-revocation. |
People / Process / Technology Enablers
People – System Admins, SOC.
Process – Access review, session monitoring, quarterly certification.
Technology – Teleport, Vault, Wazuh, Keycloak.
Evidence Required
Access approval logs, session recordings, certification reports.
Metrics / KPIs
• number of privileged accounts without an assigned owner
• percentage of privileged sessions recorded and archived
• average time (days) from an admin account becoming inactive to its rights being revoked
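As an added example (not code from this page, nor from Teleport, Wazuh or any other tool named here), the script below runs the Level 3 and Level 4 controls (named account, JIT approval, MFA, session recording) over constructed session-broker records and then computes the three KPIs above from a constructed account inventory. The JSON field names (`user`, `account`, `approval_id`, `mfa`, `recorded`), the inventory fields (`owner`, `last_used`, `revoked_at`) and the 90-day inactivity threshold are assumptions; map them to whatever your jump host or PAM tool exports.

```python
"""Privileged-session policy check and access-review KPIs.

Illustrative code written for this page; the record layout and field
names are assumed, not taken from any PAM product.
"""
import json
from datetime import datetime, timedelta

INACTIVE_DAYS = 90                      # assumed review threshold
SHARED_ACCOUNTS = {"root", "Administrator"}

# Constructed inventory of privileged accounts (sample data, not real).
INVENTORY = [
    {"account": "alice-adm",  "owner": "alice", "last_used": "2024-05-01T09:12:00", "revoked_at": None},
    {"account": "bob-adm",    "owner": "bob",   "last_used": "2024-01-15T17:40:00", "revoked_at": None},
    {"account": "svc-backup", "owner": None,    "last_used": "2024-05-20T02:00:00", "revoked_at": None},
    {"account": "root",       "owner": None,    "last_used": "2024-05-28T22:10:00", "revoked_at": None},
    {"account": "dave-adm",   "owner": "dave",  "last_used": "2024-01-01T08:00:00", "revoked_at": "2024-04-15T08:00:00"},
    {"account": "erin-adm",   "owner": "erin",  "last_used": "2023-12-01T08:00:00", "revoked_at": "2024-03-20T08:00:00"},
]

# Constructed session-broker export (JSON lines). Field names are assumed.
SESSION_LOG = """
{"id": "s1", "user": "alice", "account": "alice-adm", "target": "db01",  "approval_id": "REQ-101", "mfa": true,  "recorded": true,  "start": "2024-05-29T10:00:00"}
{"id": "s2", "user": "bob",   "account": "root",      "target": "db01",  "approval_id": null,      "mfa": true,  "recorded": true,  "start": "2024-05-29T11:00:00"}
{"id": "s3", "user": "carol", "account": "carol-adm", "target": "web02", "approval_id": "REQ-102", "mfa": false, "recorded": false, "start": "2024-05-29T12:00:00"}
{"id": "s4", "user": "alice", "account": "alice-adm", "target": "web02", "approval_id": "REQ-103", "mfa": true,  "recorded": true,  "start": "2024-05-29T13:00:00"}
"""


def parse_sessions(text):
    """Parse JSON-lines session records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def session_violations(sessions, inventory):
    """Return (session_id, reason) pairs for sessions that bypass the brokered-access controls."""
    known = {a["account"] for a in inventory if a["revoked_at"] is None}
    findings = []
    for s in sessions:
        if s["account"] in SHARED_ACCOUNTS:
            findings.append((s["id"], "direct use of shared account"))
        elif s["account"] not in known:
            findings.append((s["id"], "account not in privileged inventory"))
        if not s.get("approval_id"):
            findings.append((s["id"], "no JIT approval on record"))
        if not s.get("mfa"):
            findings.append((s["id"], "MFA not enforced"))
        if not s.get("recorded"):
            findings.append((s["id"], "session not recorded"))
    return findings


def access_review(inventory, sessions, as_of):
    """Compute the three KPIs plus the revocation list for a periodic review."""
    now = datetime.fromisoformat(as_of)
    live = [a for a in inventory if a["revoked_at"] is None]
    unowned = [a["account"] for a in live if not a["owner"]]
    stale = [a["account"] for a in live
             if now - datetime.fromisoformat(a["last_used"]) > timedelta(days=INACTIVE_DAYS)]
    recorded = sum(1 for s in sessions if s.get("recorded"))
    pct_recorded = 100.0 * recorded / len(sessions) if sessions else 0.0
    # Revocation lag: days between the inactivity deadline and the actual revocation.
    lags = []
    for a in inventory:
        if a["revoked_at"]:
            due = datetime.fromisoformat(a["last_used"]) + timedelta(days=INACTIVE_DAYS)
            lag = (datetime.fromisoformat(a["revoked_at"]) - due).total_seconds() / 86400
            lags.append(max(lag, 0.0))
    return {
        "accounts_without_owner": unowned,
        "revoke_now": stale,
        "pct_sessions_recorded": pct_recorded,
        "avg_days_to_revoke_inactive": sum(lags) / len(lags) if lags else 0.0,
    }


if __name__ == "__main__":
    sessions = parse_sessions(SESSION_LOG)
    for sid, reason in session_violations(sessions, INVENTORY):
        print(f"ALERT {sid}: {reason}")
    for k, v in access_review(INVENTORY, sessions, "2024-06-01T00:00:00").items():
        print(f"{k}: {v}")
```

The violations list is what a SIEM rule at Level 4 would raise (here it flags the direct `root` session without an approval, and an account that appears in the broker but not in the inventory); the review dictionary is the evidence a quarterly certification would attach, with `revoke_now` being the list that Level 5 automation would act on instead of a human.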
Low-Cost / Open-Source Options (MSME)
| Purpose | Tool | Notes |
|---|---|---|
| PAM / Jump host | Teleport Community / Guacamole | Broker and record admin sessions. |
| Access control | Keycloak | MFA and RBAC for admin logins. |
| Monitoring | Wazuh | Alerts on privilege use and anomalies. |
Common Pitfalls
Shared root or Administrator credentials; standing exceptions granted once and never reviewed; MFA enforced for SSH or VPN but not for console, hypervisor or out-of-band management sessions.
Compliance Mapping
| Standard | Clauses / Notes |
|---|---|
| ISO 27001 | A.5.15 / A.5.18. |
| NIST CSF 2.0 | PR.AA-05 (access permissions and authorizations managed, enforced and reviewed) / DE.CM-03 (personnel activity and technology usage monitored). The PR.AC-x identifiers belong to CSF 1.1, not 2.0. |
| CERT-In 2022 | Privileged access governance. |
| NIRMATA Scoring | IS-Q11 ≥ Level 4 requires JIT + MFA integration. |