Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AA-05.9: Privileged users shall be managed, monitored and audited. |
|
PR.AA-05.9 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p99 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that privileged user accounts, those with elevated access to critical systems, are tightly controlled, continuously monitored, and independently audited. This should reduce the risk of misuse, ensure accountability, and protect critical Information Technology (IT), Operational Technology (OT), and Internet of Things (IoT) environments.
To achieve this goal, the organisation should:
- Enforce Strong Privileged Access Management: Privileged accounts should have clearly defined roles, limited access scopes, and be subject to regular access reviews.
- Implement Continuous Monitoring: All privileged user activities should be logged and monitored continuously, using automated tools where possible, to support traceability and incident response.
- Conduct Independent Audits:
  - Audits should be performed periodically by individuals who are independent of the access management process.
  - Audits should:
    - Verify that privileged access is granted in line with policy.
    - Confirm that monitoring and logging mechanisms function correctly.
    - Identify misuse, policy violations, or deviations.
    - Produce documented outcomes such as audit reports or corrective action plans.
- Apply the Four-Eyes Principle: No single individual should be able to grant, modify, or revoke privileged access without oversight or approval from another authorised person.
- Differentiate Between Monitoring and Auditing:
  - Daily compliance monitoring should focus on operational issues (e.g. alerts, anomalies).
  - Periodic audits should assess the overall effectiveness and integrity of the privileged access management process.
- Ensure OT-Specific Feasibility: In OT environments, privileged access controls should be adapted to operational and safety constraints. Where full auditing is not feasible, compensating controls such as interface-level logging or external review should be implemented.
- Align with ENISA Guidance: These practices should align with ENISA’s NIS2 Technical Implementation Guidance, which highlights the importance of privileged access control, monitoring, and auditing in securing essential services and critical infrastructure. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AA-05.9 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Privileged user audit |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Privileged users shall be managed, monitored and audited. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Results 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Results 1 - 1 of 1