Skip to content

Incident Response

5.10-Account Audit

Task Account Audit¶

Conditions¶

Review standard and privilege accounts to identify and remediate users with access beyond daily operations.

Standards¶

In accordance with Principle of Least Permissions, privileged roles and standard roles must to reviewed on regular basis.

Privileged and Standard roles(accounts) should have minimum permissions to allow daily operations.
All privilege accounts should be separate per roles. (i.e. Domain Admins - DA-username, Servers - svc-username, DNS - dns-username)

Privilege roles (100% Check monthly)
- Enterprise administrators
- Domain Administrators
- Power Users
- HelpDesk
- Service Accounts
- DNS Administrators
- Other
Standard Roles (20% Check quarterly)
- All standard role accounts with separate privilege role accounts should be checked montly.

End State¶

Agency free of standard users accounts with privilege roles.
Separation of privilege roles (DNS, DA, Enterprise, etc)

Notes¶

Manual Steps¶

Running Scripts¶

Dependencies¶

References¶

NIST 800-53 AC-6
NIST 800-171 (3.1.5)

Revision History¶