System Owner

SB.13.008 MFA for Privileged Access

Authentication for access using privileged accounts includes Multi-Factor Authentication. This can include Multi-Factor Authentication to get access to a network, followed by strong asymmetric cryptographic keys for authentication. Devices cannot be marked as ‘trusted’ for Multi-Factor Authentication for privileged access. MFA tokens used as factors are user-specific, and measures are in place to safeguard that these tokens remain strictly personal.

SB.13.007 Break Glass Procedure

There is a procedure to use Privileged Access Management in unpredicted and/or emergency situations, when access to privileged accounts is required in unanticipated events (privileged or non-privileged). Passwords are rotated after use of the Break Glass Procedure. The CISO and Process Owners are informed of any use of the break-glass procedure.

SB.13.006 Session Management for Privileged Access

Privileged access to IT services is orchestrated through a Privileged Access Management (PAM) system. Actions taken using privileged accounts are logged or recorded, and these actions are reviewed (either sample-based or systematically). Credentials of privileged accounts are not exposed to end users. When passwords are used instead of cryptographic keys or passwordless authentication, passwords are rotated automatically (one-time-use passwords) at the end of the session.

SB.13.005 Separate Accounts for Privileged Access

Accounts for privileged users are separate from regular user accounts. If a user needs privileged functionality, a second (privileged) account is created to keep privileged and non-privileged activities separated. Privileged account usage is Just-in-Time, meaning access is only provided when needed and revoked after the tasks are completed. Logging in with privileged accounts on public-facing services is prohibited; only local services (with non-internet-routable IPs) may be configured to accept direct logins with privileged accounts. There are additional protections for changing or resetting MFA access methods for Privileged Access, which involve validating the identity of...

SB.13.004 Service Accounts

Service accounts are only used when necessary for system authentication (no association with natural persons) or system-to-system authentication. The purpose of a service account is always documented. Each unique application-to-service link should have a unique service account. Service accounts are never used to perform actions as natural persons. Service accounts are configured according to Least Privilege and, where passwords are used, have stronger password complexity requirements than regular accounts. Where possible, passwordless authentication is used for service accounts. Regular user accounts can only be used to automate tasks for the individual user and not for generic processes. Changes to service accounts are...

SB.13.003 Privileged Access

Privileged Access involves all user access that exposes more functionality than regular users have, on any layer of the IT service infrastructure. Authorisations for privileged access are required to follow Least Privilege (just-enough admin). Privileged Access is just-in-time, meaning it is only used when needed, and regular user actions are not performed using the privileged account. Privileged access is demonstrably limited to authorised personnel; an authorisation matrix is available for this access.

Templates and references: Template-Autorisatiematrix

SB.13.002 Access to admin interfaces

Administrative interfaces (other than application-level) are only accessible from an internal zone designated for administrative tasks. Access to this zone is secured via jump servers. These jump servers are used exclusively for privileged actions.

SB.13.001 Segmenting authentication domains

Security levels within the IT landscape must be distinguished when handling secret authentication information for privileged access: a logical separation is made at least between user endpoints, the network access layer, the network core, server administrators and domain administrators.

SB.12.001 Access to technical areas

Access to physical areas housing IT equipment or sensitive data must be logged and checked at least monthly for deviating situations. Procedures for working in secure areas are in place and adherence to them is monitored. The procedures include at a minimum rules regarding: how and when access can be obtained, and by whom; work that should be supervised or checked; the prohibition on making recordings in secure areas; how guests and contractors can perform their work activities; consumption of food; and emergency protocols, including how any out-of-the-ordinary situations can be reported.
