5.1 Identity Management
5.1 Identity Management
-
User Lifecycle Management:
-
a. Provision unique identifiers for all users and devices.
-
b. Deactivate user accounts after 1 year of inactivity.
-
c. Disable local administrator accounts after 90 days of inactivity.
-
d. Deactivate staging accounts (e.g.,
installadmin) after 7 days.
-
-
Local Administrator Password Rotation (LAPS) (Applies to Endpoints):
-
e. Rotate
dtcadminuser password at system boot, user login, and weekly intervals. -
f. Rotate built-in Administrator password at system boot, user login, and weekly intervals.
-
-
g. Implement Multi-Factor Authentication (MFA) on critical systems where supported.
-
Password Policy:
-
h. Adhere to the default password policies established by each identity provider (e.g., Active Directory).
-
i. Collaborate with clients to develop customized password policies tailored to their specific security requirements and compliance obligations.
-
- Multi-factor Authentication (MFA) Protection
- j. All users accessing, where available per application, must have multi-factor authentication turned on.
- SMS is not recommended but can be used if only one available.
- One Time Passcodes from apps like Microsoft Authenticator are recommended.
- j. All users accessing, where available per application, must have multi-factor authentication turned on.
- Anomaly & Malicious Behavior Detection:
j.k. Review and analyze audit and event logs in order to respond to security incidents.
Technical Controls:
| Control ID | Description | Tools/Methods |
|---|---|---|
| a | Provision unique identifiers for all users and devices. | DTC or Client Procured Identity Management Systems (e.g., Active Directory, Azure AD) |
| b | Deactivate user accounts after 1 year of inactivity. | NinjaOne RMM, Microsoft Windows PowerShell, Internet Access |
| c | Disable local administrator accounts after 90 days of inactivity. | NinjaOne RMM, Microsoft Windows PowerShell, Internet Access |
| d | Deactivate staging accounts (e.g., installadmin) after 7 days. |
NinjaOne RMM, Microsoft Windows PowerShell, Internet Access |
| e | Rotate dtcadmin user password at system boot, user login, and weekly. |
NinjaOne RMM, Microsoft Windows PowerShell, Internet Access |
| f | Rotate built-in Administrator password at system boot, user login, weekly. | NinjaOne RMM, Microsoft Windows PowerShell, Internet Access |
| g | Implement Multi-Factor Authentication (MFA) on critical systems. | Microsoft Entra ID, Google Workspace, Cloudflare ZTNA Email |
| h | Adhere to default password policies of identity providers. | Configuration of identity provider settings; Regular policy reviews |
| i | Develop customized password policies with clients. | Consultation sessions; Quarterly business reviews; Policy development frameworks |
| j. | All users accessing, where available per application, must have multi-factor authentication turned on. | Consultation sessions; Client application choice; DTC enabled for Entra ID & Google Workspace by default. |
| k. | Review and analyze audit and event logs in order to respond to security incidents. | SaaS Alerts, Blumira Free Edition |
Standard Operating Procedures
| Control ID | Description | Tools/Methods |
|---|---|---|
| a | Provision unique identifiers for all users and devices. | DTC or Client Procured Identity Management Systems (e.g., Active Directory, Azure AD) |
| b | Deactivate user accounts after 1 year of inactivity. | DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| c | Disable local administrator accounts after 90 days of inactivity. | DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| d | Deactivate staging accounts (e.g., installadmin) after 7 days. |
DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| e | Rotate dtcadmin user password at system boot, user login, and weekly. |
DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| f | Rotate built-in Administrator password at system boot, user login, weekly. | DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| g | Implement Multi-Factor Authentication (MFA) on critical systems. | Microsoft Entra ID, Google Workspace, Cloudflare ZTNA Email |
| h | Adhere to default password policies of identity providers. | Configuration of identity provider settings; Regular policy reviews |
| i | Develop customized password policies with clients. | Consultation sessions; Policy development frameworks |
| j. | Review and analyze audit and event logs in order to respond to security incidents. | SaaS Alerts, Blumira Free Edition |