Back To: Boost IT Security In 30 Days

Step 3: Tighten policies and practices for privileged users.

To the greatest extent possible, agencies were required to minimize the number of privileged users; limit functions that can be performed when using privileged accounts; limit the duration that privileged users can be logged in; limit the privileged functions that can be performed using remote access; and ensure that privileged user activities are logged and that such logs are reviewed regularly. Here again, agencies had to report their progress within 30 days.