SI-4(20): Privileged Users

Control Family:

System and Information Integrity

Parent Control:

SI-4: System Monitoring

CSF v1.1 References:

ID.RA-1
PR.DS-5
PR.IP-8
DE.AE-1
DE.AE-2
DE.AE-3
DE.AE-4
DE.CM-1
DE.CM-4
DE.CM-5
DE.CM-6
DE.CM-7
DE.DP-2
DE.DP-3
DE.DP-4
DE.DP-5
RS.AN-1

Threats Addressed:

Repudiation
Elevation of Privilege
Lateral Movement

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
SI-4(20): Privileged Users

Control Statement

Implement the following additional monitoring of privileged users: [Assignment: organization-defined additional monitoring].

Supplemental Guidance

Privileged users have access to more sensitive information, including security-related information, than the general user population. Access to such information means that privileged users can potentially do greater damage to systems and organizations than non-privileged users. Therefore, implementing additional monitoring on privileged users helps to ensure that organizations can identify malicious activity at the earliest possible time and take appropriate actions.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5