NIST 800 -171 3.1.7

Prevent non-privileged users from executing privileged functions and audit the execution of such functions.

Here is where the separation of admin accounts and non-admin accounts helps you with this control. Don’t allow the non-admin accounts to have any access or ability to perform any commands that a privileged account will create. If you follow the principle of least privilege and you document what action a privileged versus non privileged account can perform you will complete this control. Now is the time for the introduction of t a log analysis tool. The market has many of these tools, they are a syslog based server that tracks all of the activity performed or attempted by user accounts in your infrastructure. When someone tries to do something like log into a router they are not allowed to access then your log analysis tool will track this.

You will need to start building the infrastructure of a ticketing system too, because when a violation of privilege occurs then you will want to keep track of it and re-mediate it. This control sets the stage for admin based accounts, log analysis and ticket and incident tracking tools to be introduced. You will be able to report what users are doing or try to do by auditing these logs and finding violations or attempted violations and then tracking them in your ticketing system.

Subscribe to our Podcast