Standards Group:
YALE-MSS-9: Authentication and Authorization
YALE-MSS-9.12: Ensure authentication events are associated with an individual and not just an administrative or service account
Details
This standard applies to administrative accounts and service accounts.
Administrative accounts - a username and password (or other credential) that grants an individual privileged access to the IT System. Privileged access is access to make changes to the overall IT System, not just to the individual's own data.
Service accounts - special user accounts that an application, service or system uses to interact with the operating system. These types of accounts are typically used for automation.
Controls
- YALE-MSS-9.12.1: Disable direct login with generic, shared account names ("root", "administrator", "dba", "sa"). The login accounts must meet the account requirements outlined in YALE-MSS-9.3.
- YALE-MSS-9.12.2: Do not allow direct logins to accounts with administrative privileges. Require users to log in with an individual account and then escalate privileges (for example with sudo or a privileged-access tool), so that both the login and the escalation are recorded against the individual.
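As an added illustration, not part of the Yale standard, the following Python script checks both controls against constructed evidence: an sshd_config fragment for YALE-MSS-9.12.1 (does the SSH daemon still allow a direct root login?) and a few constructed auth-log lines for YALE-MSS-9.12.2 (which logins went to a generic account, and which privileged commands can be tied to an individual via sudo?). The log format, the GENERIC_ACCOUNTS list, the function names and the sample data are assumptions made for this example.

```python
import re
from collections import defaultdict

# Generic, shared account names from control YALE-MSS-9.12.1
# (assumption: extend this set with any local shared accounts).
GENERIC_ACCOUNTS = {"root", "administrator", "dba", "sa"}

# Assumed OpenSSH / sudo syslog formats (standard on most Linux hosts).
SSH_ACCEPT = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)"
)
SUDO_CMD = re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")


def sshd_root_login_allowed(config_text):
    """Return True if this sshd_config text still permits a direct root login.

    OpenSSH uses the FIRST value set for a keyword.  If PermitRootLogin is
    never set, the default (OpenSSH 7.0 and later) is "prohibit-password",
    which still allows key-based root logins, so an absent directive does
    NOT satisfy control 9.12.1.  Assumption: Match blocks are not handled.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].strip().lower() != "no"
    return True  # directive missing: root login remains possible by default


def audit_auth_log(lines, generic=GENERIC_ACCOUNTS):
    """Scan auth-log lines for control 9.12.2.

    Returns (violations, escalations):
      violations  - list of (account, source_ip) for direct logins to a
                    generic account, i.e. events with no individual attached
      escalations - dict mapping individual username -> sudo commands run,
                    i.e. privileged actions that ARE attributable
    """
    violations = []
    escalations = defaultdict(list)
    for line in lines:
        m = SSH_ACCEPT.search(line)
        if m:
            if m["user"] in generic:
                violations.append((m["user"], m["ip"]))
            continue
        m = SUDO_CMD.search(line)
        if m:
            escalations[m["user"]].append(m["cmd"].strip())
    return violations, dict(escalations)


# Constructed sample data (not real logs or a real host configuration).
SAMPLE_SSHD_CONFIG = """\
# Hardened fragment: first PermitRootLogin value wins
PermitRootLogin no
PasswordAuthentication no
"""

SAMPLE_AUTH_LOG = [
    "Jan 12 08:01:02 host sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 50212 ssh2: RSA SHA256:abc",
    "Jan 12 08:01:30 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "Jan 12 08:05:00 host sshd[1240]: Accepted password for root from 192.168.1.10 port 4444 ssh2",
    "Jan 12 08:06:00 host sshd[1250]: Accepted publickey for dba from 10.0.0.9 port 5000 ssh2: ED25519 SHA256:def",
]

if __name__ == "__main__":
    print("9.12.1 root login allowed:", sshd_root_login_allowed(SAMPLE_SSHD_CONFIG))
    bad, good = audit_auth_log(SAMPLE_AUTH_LOG)
    for account, ip in bad:
        print(f"9.12.2 VIOLATION: direct login to shared account {account!r} from {ip}")
    for user, cmds in good.items():
        for cmd in cmds:
            print(f"9.12.2 OK: {user} escalated via sudo: {cmd}")
```

On the sample data the config check passes, while the log audit flags the `root` and `dba` logins as unattributable and shows `alice`'s escalation recorded against her own account. The usual remediation for the violations is `PermitRootLogin no` in sshd_config, a locked password on the shared account, and a sudoers rule granting the individual's account the privileged commands they need.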