5.2 Compute Resources
5.2 Compute Resources
-
Access Controls:
-
a. Apply Role-Based Access Control (RBAC) on cloud and on-premises systems.
-
b. Set default access permissions to the principle of least privilege.
-
-
c. Offer implementation of Conditional Access Policies as a consulting service based on client requirements.
Technical Controls:
| Control ID | Description | Tools/Methods |
|---|---|---|
| a | Apply Role-Based Access Control (RBAC) on systems. | Access management platforms; Directory services (e.g., Active Directory) |
| b | Set default access permissions to least privilege. | Access control lists (ACLs); Regular access reviews |
| c | Implement Conditional Access Policies as per client requirements. | Conditional access solutions (e.g., Azure Conditional Access); Policy development frameworks |
Standard Operating Procedures
| Control ID | Description | Tools/Methods |
|---|---|---|
| a | Provision unique identifiers for all users and devices. | DTC or Client Procured Identity Management Systems (e.g., Active Directory, Azure AD) |
| b | Deactivate user accounts after 1 year of inactivity. | DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| c | Disable local administrator accounts after 90 days of inactivity. | DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| d | Deactivate staging accounts (e.g., installadmin) after 7 days. |
DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| e | Rotate dtcadmin user password at system boot, user login, and weekly. |
DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| f | Rotate built-in Administrator password at system boot, user login, weekly. | DTC'S RMM, Microsoft Windows PowerShell, Internet Access |
| g | Implement Multi-Factor Authentication (MFA) on critical systems. | Microsoft Entra ID, Google Workspace, Cloudflare ZTNA Email |
| h | Adhere to default password policies of identity providers. | Configuration of identity provider settings; Regular policy reviews |
| i | Develop customized password policies with clients. | Consultation sessions; Policy development frameworks |
| j. | Review and analyze audit and event logs in order to respond to security incidents. | SaaS Alerts, Blumira Free Edition |