Sub-Requirement 8.5.1 (Update: v3.0 11/2013)

8.5.1 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects

Illustrative Controls and the TIBCO LogLogic Solution

Administrators must monitor all account management activity, such as the addition, deletion, or modification of users and groups, to confirm that every user's access privileges are appropriate and approved. Set up real-time alerts to detect unauthorized or unapproved changes to users or groups.

Ensure that requesting, establishing, issuing, suspending, modifying, and closing user accounts, and the privileges attached to them, are covered by a single user account management policy and process. The process should include an approval step in which the data or system owner grants the access privileges. These procedures apply to all users, including administrators (privileged users) and internal and external users, in both normal and emergency cases.

Administrators must perform regular management reviews of all accounts and their privileges. Demonstrate that procedures exist for registering, changing, and removing users from in-scope systems and applications on a timely basis, and confirm that those procedures are followed, so that requests to establish, issue, suspend, and close accounts are acted on promptly.

To satisfy this requirement, administrators must ensure that permissions have been granted only to the appropriate users; permissions assigned to the wrong users indicate a failure to meet it. Administrators must also ensure that every network and application access request is documented and approved by the appropriate management personnel. As evidence, administrators can select a sample of terminated employees and confirm that their accounts were disabled or deleted in a timely manner.
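The two checks described above, alerting on account changes that have no matching approval and confirming that terminated employees' accounts were disabled in time, as an added Python example. This is not code from the TIBCO LogLogic guide or product: the pipe-delimited export format, the approval and HR record layouts, and all sample data are constructed for illustration. The Windows Security event IDs (4720 user created, 4726 user deleted, 4738 user changed, 4728/4732/4756 member added to a security group) are real; how they are exported is an assumption.

```python
"""Added example (not from the TIBCO LogLogic guide): two review checks for
PCI DSS 8.5.1 run over constructed account-management events and HR data.
Field layouts below are assumptions, not a LogLogic schema."""
from dataclasses import dataclass
from datetime import date, datetime

# Windows Security log account-management event IDs (real IDs; the export
# format parsed below is a simplified assumption).
ACCOUNT_EVENTS = {
    4720: "user created",
    4726: "user deleted",
    4738: "user changed",
    4728: "member added to global group",
    4732: "member added to local group",
    4756: "member added to universal group",
}

# Constructed sample export, one event per line: timestamp|event_id|actor|target|detail
SAMPLE_EVENTS = """\
2013-11-04T09:12:44|4720|svc-idm|jdoe|created by provisioning
2013-11-04T09:13:01|4732|svc-idm|jdoe|added to Administrators
2013-11-04T22:41:09|4720|ops-admin2|tmpuser7|created interactively
2013-11-05T08:02:15|4726|svc-idm|bsmith|deleted by deprovisioning
2013-11-05T13:20:33|4728|ops-admin2|tmpuser7|added to Domain Admins
"""

# Constructed approval records: (target account, approved actor, ticket, window start, window end)
SAMPLE_APPROVALS = [
    ("jdoe",   "svc-idm", "CHG-1041", datetime(2013, 11, 4, 8, 0), datetime(2013, 11, 4, 18, 0)),
    ("bsmith", "svc-idm", "CHG-1050", datetime(2013, 11, 5, 0, 0), datetime(2013, 11, 5, 23, 59)),
]

# Constructed HR termination feed and directory snapshot (account -> enabled?).
SAMPLE_TERMINATIONS = {"bsmith": date(2013, 11, 4), "kchen": date(2013, 10, 20)}
SAMPLE_DIRECTORY = {"jdoe": True, "kchen": True, "ops-admin2": True}
REVIEW_DATE = date(2013, 11, 6)


@dataclass(frozen=True)
class AccountEvent:
    when: datetime
    event_id: int
    actor: str
    target: str
    detail: str


def parse_events(text):
    """Parse the pipe-delimited export, keeping only account-management event IDs."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, actor, target, detail = line.split("|", 4)
        eid = int(eid)
        if eid in ACCOUNT_EVENTS:
            events.append(AccountEvent(datetime.fromisoformat(ts), eid, actor, target, detail))
    return events


def find_unapproved_changes(events, approvals):
    """Return events with no approval covering the same target and actor inside
    the approved change window. Each hit is a candidate real-time alert."""
    unapproved = []
    for ev in events:
        covered = any(
            ev.target == target and ev.actor == actor and start <= ev.when <= end
            for target, actor, _ticket, start, end in approvals
        )
        if not covered:
            unapproved.append(ev)
    return unapproved


def find_stale_terminated_accounts(terminations, directory, as_of, max_days=1):
    """Return terminated staff whose accounts are still enabled more than
    max_days after the termination date, as of the review date."""
    stale = []
    for user, term_date in terminations.items():
        if directory.get(user) and (as_of - term_date).days > max_days:
            stale.append(user)
    return sorted(stale)


if __name__ == "__main__":
    for ev in find_unapproved_changes(parse_events(SAMPLE_EVENTS), SAMPLE_APPROVALS):
        print(f"ALERT {ev.when} {ACCOUNT_EVENTS[ev.event_id]}: {ev.actor} -> {ev.target} ({ev.detail})")
    for user in find_stale_terminated_accounts(SAMPLE_TERMINATIONS, SAMPLE_DIRECTORY, REVIEW_DATE):
        print(f"FINDING terminated employee still enabled: {user}")
```

On the sample data the first check flags both tmpuser7 events (an interactive account creation outside any change window, followed by an addition to Domain Admins), while the provisioning-system changes to jdoe and bsmith are covered by tickets. The second check flags kchen, terminated weeks earlier but still enabled; bsmith is not flagged because the account no longer exists in the directory snapshot. Matching on actor as well as target is deliberate: a change to an approved target made by an unexpected administrator should still alert.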

Reports and Alerts

Use the following link/reference to see the 8.5.1 reports and alerts: 8.5.1 on page 123.