NIST SPECIAL PUBLICATION 1800-18
Privileged Account Management
for the Financial Services Sector
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B);
and How-To Guides (C)
Karen Waltermire
Tom Conroy
Marisa Harriston
Chinedum Irrechukwu
Navaneeth Krishnan
James Memole-Doodson
Benjamin Nkrumah
Harry Perper
Susan Prince
Devin Wynne
DRAFT
This publication is available free of charge from:
https://www.nccoe.nist.gov/projects/use-cases/privileged-account-management
NIST SPECIAL PUBLICATION 1800-18
Privileged Account Management
for the Financial Services Sector
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B);
and How-To Guides (C)
Karen Waltermire
National Cybersecurity Center of Excellence
Information Technology Laboratory
Tom Conroy
Marisa Harriston
Chinedum Irrechukwu
Navaneeth Krishnan
James Memole-Doodson
Benjamin Nkrumah
Harry Perper
Susan Prince
Devin Wynne
The MITRE Corporation
McLean, VA
DRAFT
September 2018
U.S. Department of Commerce
Wilbur Ross, Secretary
National Institute of Standards and Technology
Walter G. Copan, Undersecretary of Commerce for Standards and Technology and Director
NIST SPECIAL PUBLICATION 1800-18A
Privileged Account Management
for the Financial Services Sector
Volume A:
Executive Summary
Executive Summary
▪ Privileged accounts are used to access and manage an organization’s information assets and systems. Often described as the “keys to the kingdom,” these accounts are used by trusted users who perform tasks that ordinary users are not authorized to perform.
▪ Controlling these accounts is challenging, as the very nature of the functions that they perform requires broad access and authority. Additionally, this broad access makes privileged accounts a tempting target for external and internal malicious actors and increases the impact of accidental mistakes.
▪ Malicious actors can inflict substantial harm, often without notice. Industry reports have identified that privilege misuse is a major component of reported cyber incidents, with estimates up to 80 percent of all data breaches (Forrester 2016).
▪ To address this challenge, the National Cybersecurity Center of Excellence (NCCoE) has developed a reference design that illustrates how financial institutions can implement a privileged account management (PAM) system to secure, manage, control, and audit the use of privileged accounts.
▪ This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide describes how financial-services companies can use commercially available technology to implement PAM to reduce the risk associated with privileged accounts.
CHALLENGE
Financial organizations rely on privileged accounts to enable authorized users to perform their duties with little to no direct oversight or technical control of their actions. Companies have difficulty managing these accounts, which, in turn, opens a significant risk to the business. If used improperly, these accounts can cause substantial operational damage, including data theft, espionage, sabotag