11.2.4 Review of User Access Rights

Set up real-time alerts to detect any unauthorized or unapproved changes to users or groups. Monitor account management activities such as user or group addition/deletion/modification to ensure all user access privileges are appropriate and approved.
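As an added illustration (not part of the LogLogic product or its report set), the following Python script shows the detection logic such an alert rule implements: account-management events are parsed from the log, and any user or group change that does not match an approved change request is raised as an alert. The log lines are constructed in a simple `key=value` layout for the example; the Windows Security event IDs used (4720, 4726, 4738, 4728, 4732) are the real IDs for those account-management events, and the `APPROVED` set stands in for whatever ticketing or approval record an organisation actually keeps.

```python
"""Detect unapproved user/group changes from account-management events.

Added example, not LogLogic code. Log lines below are constructed sample
data in a key=value layout; a real deployment would parse the collector's
own event format instead.
"""
import shlex
from dataclasses import dataclass

# Windows Security event IDs for account-management activity (real IDs).
ACCOUNT_EVENTS = {
    4720: "user account created",
    4726: "user account deleted",
    4738: "user account changed",
    4728: "member added to security-enabled global group",
    4732: "member added to security-enabled local group",
}

# Constructed sample events (not real data). The last line is a logon
# event and must not be treated as an account change.
SAMPLE_LOG = """\
ts=2024-03-01T09:12:03Z event_id=4720 subject=alice target=jdoe host=DC01
ts=2024-03-01T09:13:40Z event_id=4728 subject=alice target=jdoe group="Domain Admins" host=DC01
ts=2024-03-01T11:02:11Z event_id=4726 subject=bob target=oldcontractor host=DC01
ts=2024-03-01T23:47:59Z event_id=4732 subject=svc_backup target=tmpadmin group=Administrators host=FS02
ts=2024-03-02T08:00:00Z event_id=4624 subject=- target=jdoe host=WS17
"""

# Constructed approval record: (event_id, target account) pairs that the
# data or system owner signed off on. Note that approving the creation of
# jdoe does not approve adding jdoe to Domain Admins.
APPROVED = {
    (4720, "jdoe"),           # onboarding ticket
    (4726, "oldcontractor"),  # offboarding ticket
}


@dataclass(frozen=True)
class Event:
    ts: str
    event_id: int
    subject: str   # who made the change
    target: str    # account that was changed
    host: str
    group: str = ""  # only set for group-membership events


def parse_line(line: str) -> Event:
    """Parse one key=value line; shlex keeps quoted values with spaces intact."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line))
    return Event(
        ts=fields["ts"],
        event_id=int(fields["event_id"]),
        subject=fields["subject"],
        target=fields["target"],
        host=fields["host"],
        group=fields.get("group", ""),
    )


def parse_log(text: str) -> list:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def find_unapproved(events: list, approved: set) -> list:
    """Return account-management events that have no matching approval."""
    alerts = []
    for ev in events:
        if ev.event_id not in ACCOUNT_EVENTS:
            continue  # logons and other noise are not account changes
        if (ev.event_id, ev.target) in approved:
            continue  # change was requested and approved
        alerts.append(ev)
    return alerts


def format_alert(ev: Event) -> str:
    what = ACCOUNT_EVENTS[ev.event_id]
    grp = f" group={ev.group!r}" if ev.group else ""
    return f"ALERT {ev.ts} {what}: target={ev.target} by={ev.subject} host={ev.host}{grp}"


if __name__ == "__main__":
    for ev in find_unapproved(parse_log(SAMPLE_LOG), APPROVED):
        print(format_alert(ev))
```

Run against the constructed sample, the script raises two alerts: the addition of `jdoe` to Domain Admins (only the account creation was approved) and the late-night addition of `tmpadmin` to the local Administrators group on FS02. Matching on `(event_id, target)` is deliberately coarse; a production rule would also match the approving ticket's time window and the requesting subject.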

User account management covers requesting, establishing, issuing, suspending, modifying and closing user accounts and the privileges attached to them. It should include an approval procedure in which the data or system owner grants access privileges to new and existing users. These procedures apply to all users, including administrators (privileged users) and internal and external users, in both normal and emergency situations. Rights and obligations relating to access to enterprise systems and information are contractually arranged for all types of users.

Perform regular management review of all accounts and related privileges. Demonstrate that procedures exist for the registration, change, and deletion of users from information systems and subsystems on a timely basis and confirm that the procedures are followed. Procedures must exist and be followed to ensure timely action relating to requesting, establishing, issuing, suspending, and closing user accounts.

To meet this requirement, administrators must ensure that permissions have been granted only to the appropriate users, and that all network and application access requests are adequately documented and approved by the appropriate management personnel. As evidence, administrators can select a sample of terminated employees and verify that the accounts of those employees were disabled or removed in a timely manner.
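The terminated-employee check described above, as an added example rather than LogLogic's own report logic: a sample of leavers is drawn from an HR termination feed and reconciled against a directory export, and any account that is still enabled, or was disabled later than the allowed lag, is reported as a finding. Both data sets are constructed for the example, and the one-day lag limit (`MAX_LAG_DAYS`) is an assumed policy value to be replaced with the organisation's own.

```python
"""Reconcile terminated employees against directory account state.

Added example, not LogLogic code. TERMINATED and DIRECTORY are constructed
sample data; MAX_LAG_DAYS is an assumed policy value.
"""
import random
from datetime import date

# Constructed HR feed: username -> last working day.
TERMINATED = {
    "mbrown": date(2024, 2, 9),
    "kli": date(2024, 2, 16),
    "oldcontractor": date(2024, 2, 23),
    "rpatel": date(2024, 2, 28),
}

# Constructed directory export: username -> (enabled?, date disabled or None).
DIRECTORY = {
    "mbrown": (False, date(2024, 2, 9)),
    "kli": (True, None),                   # never disabled
    "oldcontractor": (False, date(2024, 3, 1)),  # disabled a week late
    "rpatel": (False, date(2024, 2, 29)),
    "alice": (True, None),                 # active employee, not in scope
}

MAX_LAG_DAYS = 1  # assumed: accounts must be disabled within one day of leaving


def sample_terminated(terminated: dict, k: int, seed: int = 0) -> list:
    """Pick a reproducible sample of leavers to test (seeded for repeatability)."""
    rng = random.Random(seed)
    users = sorted(terminated)
    return rng.sample(users, min(k, len(users)))


def reconcile(terminated: dict, directory: dict, as_of: date,
              max_lag_days: int = MAX_LAG_DAYS, users=None) -> list:
    """Return (user, reason, days) findings for leavers whose access outlived them."""
    findings = []
    for user in (users if users is not None else sorted(terminated)):
        last_day = terminated[user]
        entry = directory.get(user)
        if entry is None:
            # Absent from the export means deleted; timeliness must then be
            # confirmed from the deletion event in the logs, so flag for review.
            findings.append((user, "absent from directory; confirm deletion date", None))
            continue
        enabled, disabled_on = entry
        if enabled:
            findings.append((user, "still enabled", (as_of - last_day).days))
            continue
        lag = (disabled_on - last_day).days
        if lag > max_lag_days:
            findings.append((user, "disabled late", lag))
    return findings


if __name__ == "__main__":
    for user, reason, days in reconcile(TERMINATED, DIRECTORY, date(2024, 3, 4)):
        print(f"{user}: {reason} ({days} days)")
```

With the sample data and an audit date of 2024-03-04, `kli` is reported as still enabled 17 days after leaving and `oldcontractor` as disabled 7 days late; `mbrown` and `rpatel` pass. Keeping the sample seeded makes the review repeatable, which matters when the same evidence has to be reproduced for an auditor.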

Administrators must review reports that detail the access policy on all servers and applications. Those servers and applications must be configured so that password policies are enforced and access activity is recorded. Server and application logs must be reviewed to confirm that passwords are changed periodically and in accordance with corporate policy.

TIBCO LogLogic reports augment the processes and procedures for granting access by allowing validation of new users and of elevated privileges on the network devices and systems that provide access to information assets. The account additions and modifications captured by the TIBCO LogLogic Compliance Suite identify who has been given access to which information assets, and account activity can be monitored to confirm that access has been implemented appropriately. Reports on special access through VPNs, the Internet, and other subnets likewise validate that remote access privileges are implemented as intended.

Reports and Alerts

Use the following link/reference to see the 11.2.4 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.