Cyber Essentials Self Assessment: Administrative Accounts

This security wiki provides guidelines for the proper management and control of administrative accounts within your organisation. Follow these recommendations to establish secure administrative account practices.

A7.5. Formal Process for Administrator Access:

Describe the formal process followed by your organisation when granting someone access to systems at an administrator level. Outline the steps involved, including any approvals required from management or IT administrators. This process should include identity verification, role justification, and access control mechanisms to ensure that administrator access is granted only to authorised personnel.

A7.6. Use of Separate Administrator Accounts:

Explain how your organisation ensures that separate administrator accounts are used for performing administrative tasks such as software installations and configuration changes. This practice helps minimise the risk of compromise by malware or unauthorised access. Describe the procedures and controls in place to enforce the use of dedicated administrator accounts.

A7.7. Prevention of Everyday Tasks with Administrator Accounts:

Describe the measures your organisation employs to prevent administrator accounts from being used for everyday tasks such as web browsing and accessing email. Regular use of administrator accounts for such activities increases the exposure to potential malware and compromises system security. Outline policies, procedures, and staff training initiatives to ensure users understand the importance of segregating their regular activities from administrative tasks.

A7.8. Formal Tracking of Administrator Accounts:

Answer "yes" or "no" to indicate whether your organisation formally tracks and keeps a record of users who have been granted administrator accounts. Maintaining a centralised record helps monitor and manage administrative access, ensuring accountability and assisting with audit trails if required.

A7.9. Regular Review of Administrative Access:

Answer "yes" or "no" to indicate whether your organisation conducts regular reviews of individuals with administrative access privileges. Regular reviews are essential to validate the necessity of administrative access for each user, ensuring that access remains aligned with their roles and responsibilities. This helps reduce the risk of unauthorised access and promotes effective access control.

By implementing robust practices for managing administrative accounts, organisations can enhance the security of their systems, reduce the risk of unauthorised access, and enforce accountability among administrators.

Note: The information provided above is based on general security practices. Organisations should adapt these guidelines to align with their specific requirements and consult with cybersecurity professionals for tailored advice related to the management of administrative accounts.

Find out more about Periculo Cyber Essentials or contact us