
5.1 Identity Management

  • User Lifecycle Management:

    • a. Provision unique identifiers for all users and devices.

    • b. Deactivate user accounts after 1 year of inactivity.

    • c. Disable local administrator accounts after 90 days of inactivity.

    • d. Deactivate staging accounts (e.g., installadmin) after 7 days of inactivity.

  • Local Administrator Password Rotation (LAPS-style; applies to endpoints):

    • e. Rotate dtcadmin user password at system boot, user login, and weekly intervals.

    • f. Rotate built-in Administrator password at system boot, user login, and weekly intervals.

  • Password Policy:

    • h. Adhere to the default password policies established by each identity provider (e.g., Active Directory). Treat provider defaults as a floor rather than a target: the Active Directory Default Domain Policy, for example, requires only a 7-character minimum length. Stricter settings are handled under item i.

    • i. Collaborate with clients to develop customized password policies tailored to their specific security requirements and compliance obligations.

  • Multi-factor Authentication (MFA) Protection
    • j. All users must have multi-factor authentication enabled wherever the application supports it.
      • SMS is not recommended but may be used if it is the only option available.
      • One-time passcodes from authenticator apps such as Microsoft Authenticator are recommended.
  • Role-Based Access Control (RBAC):

    • a. DTC retains and manages credentials for the built-in Administrator, Domain Administrator, and dtcadmin accounts.

    • b. DTC creates unique administrator accounts for client-designated decision-makers, granting local or full administrative privileges as specified.

    • c. Decision-makers are permitted to retain access to Domain Administrator credentials.

    • d. Upon termination of services, all compute resource credentials managed by DTC are released to the client.

  • Anomaly & Malicious Behavior Detection:
    • k. Review and analyze audit and event logs in order to respond to security incidents.
  • Incident Response Integration:

    • l. Deploy light SIEM integration into identity environments.

    • m. Ensure continuous monitoring and analysis of identity activities to detect and respond to potential threats.

    • n. Facilitate collaboration between SIEM solutions and DTC to coordinate incident response and remediation efforts.

Technical Controls:

Control ID | Description | Tools/Methods
a | Provision unique identifiers for all users and devices. | DTC or client procured identity management systems (e.g., Active Directory, Azure AD, now Entra ID), client policy
b | Deactivate user accounts after 1 year of inactivity. | NinjaRMM, SaaS Alerts
c | Disable local administrator accounts after 90 days of inactivity. | NinjaRMM
d | Deactivate staging accounts (e.g., installadmin) after 7 days of inactivity. | NinjaRMM
e | Rotate dtcadmin user password at system boot, user login, and weekly. | NinjaRMM
f | Rotate built-in Administrator password at system boot, user login, and weekly. | NinjaRMM, Microsoft Windows PowerShell
h | Adhere to default password policies of identity providers. | Configuration of identity provider settings, regular policy reviews
i | Develop customized password policies with clients. | Consultation sessions, quarterly business reviews, policy development frameworks
j | All users must have multi-factor authentication enabled wherever the application supports it. | Consultation sessions, client application choice; DTC enables MFA for Entra ID and Google Workspace by default
k | Analyze audit and event logs to investigate and respond to potential security incidents. | SaaS Alerts, Blumira Free Edition
l | Deploy light SIEM integration into identity environments. | SaaS Alerts, Blumira Free Edition
m | Ensure continuous monitoring and analysis of identity activities to detect and respond to potential threats. | SaaS Alerts, Blumira Free Edition, HaloPSA
n | Facilitate collaboration between SIEM solutions and DTC to coordinate incident response and remediation efforts. | SaaS Alerts, Blumira Free Edition, HaloPSA
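The endpoint-side controls above (c and d, inactivity-based disablement of local admin and staging accounts; e and f, rotation of the dtcadmin and built-in Administrator passwords at boot, logon and weekly) are the kind of thing an RMM such as NinjaRMM pushes as a scheduled PowerShell job. The script below is an added example written for this page; it is not DTC's own tooling. The account names dtcadmin and installadmin and the 7-day and 90-day thresholds are taken from the controls table; the escrow scriptblock is an assumed placeholder (a DPAPI-protected file under ProgramData) standing in for whatever secure per-device field the RMM provides, and the rotation schedule itself is left to the RMM.

```powershell
# Added example (not DTC's script): endpoint implementation of controls c/d and e/f.
# Assumptions: account names and day thresholds come from the controls table;
# the escrow handler below is a placeholder for the RMM's secure per-device field.
#Requires -RunAsAdministrator

function Get-BuiltInAdministratorName {
    # Identify the built-in Administrator by RID 500, not by its (renamable) display name.
    (Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' } | Select-Object -First 1).Name
}

function Disable-StaleLocalAccount {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][int]$MaxInactiveDays,
        [switch]$WhatIf
    )
    $u = Get-LocalUser -Name $Name -ErrorAction SilentlyContinue
    if (-not $u -or -not $u.Enabled) { return $false }      # missing or already disabled
    # LastLogon is null for an account that has never logged on interactively;
    # fall back to PasswordLastSet so a never-used staging account still ages out.
    $last = $u.LastLogon
    if (-not $last) { $last = $u.PasswordLastSet }
    if (-not $last) { return $false }                       # no evidence either way; leave it
    if (((Get-Date) - $last).TotalDays -lt $MaxInactiveDays) { return $false }
    Disable-LocalUser -Name $Name -WhatIf:$WhatIf
    return $true
}

function New-RandomPassword {
    param([int]$Length = 24)
    # CSPRNG bytes mapped onto a printable alphabet with rejection sampling (no modulo bias).
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^*-_=+'
    $n = $alphabet.Length
    $limit = 256 - (256 % $n)                               # bytes >= $limit are redrawn
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = [byte[]]::new(1)
    $sb = [System.Text.StringBuilder]::new($Length)
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $n]) }
    }
    $rng.Dispose()
    $sb.ToString()
}

function Invoke-LocalAdminRotation {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][scriptblock]$Escrow          # invoked as: & $Escrow $Name $plainText
    )
    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        Write-Warning "Account '$Name' not found; skipping rotation"; return
    }
    $plain = New-RandomPassword
    # Escrow BEFORE changing the password: if escrow failed after Set-LocalUser succeeded,
    # nobody would know the new credential and the account would be effectively locked out.
    & $Escrow $Name $plain
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    Set-LocalUser -Name $Name -Password $secure -PasswordNeverExpires $true
    Remove-Variable -Name plain, secure                     # shorten the clear-text lifetime in the session
    Write-Output "Rotated password for '$Name'"
}

# --- Controls c and d: inactivity-based disablement ----------------------------------
Disable-StaleLocalAccount -Name 'installadmin' -MaxInactiveDays 7  | Out-Null
Disable-StaleLocalAccount -Name 'dtcadmin'     -MaxInactiveDays 90 | Out-Null

# --- Controls e and f: rotation (the RMM schedules this at boot, logon and weekly) ------
# Placeholder escrow (assumption): DPAPI-protect the value under the running account
# (SYSTEM when launched by the RMM) and store it under ProgramData. Replace with the
# RMM's secure per-device field in production.
$escrow = {
    param($AccountName, $Password)
    $dir = Join-Path $env:ProgramData 'LocalAdminEscrow'
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    ConvertTo-SecureString -String $Password -AsPlainText -Force |
        ConvertFrom-SecureString |
        Set-Content -Path (Join-Path $dir "$AccountName.txt") -Encoding ASCII
}
Invoke-LocalAdminRotation -Name 'dtcadmin' -Escrow $escrow
$builtIn = Get-BuiltInAdministratorName
if ($builtIn) { Invoke-LocalAdminRotation -Name $builtIn -Escrow $escrow }
```

Two design points worth keeping when adapting this: the built-in Administrator is located by RID 500 rather than by name, since renaming that account is a common hardening step and a name-based rotation would silently skip it; and escrow happens before the password change, so a failed escrow aborts the rotation instead of producing a credential nobody holds. Run Disable-StaleLocalAccount with -WhatIf on a pilot group first, because LastLogon in the local SAM is not updated by every logon type.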