
IAM-23 Privileged Session Management

Control Description

Privileged logical access to trusted data environments is enabled through an authorized session manager; session user activity is recorded and tunnelling to untrusted data environments is restricted.

Theme

Process

Type

Preventive

Policy/Standard

Access Management Procedure

Implementation Guidance

1. Ensure privileged logical access to trusted data environments is enabled through an authorized session manager.
2. Ensure session user activity is recorded and documented.
3. Ensure tunnelling to untrusted data environments is restricted.

Testing Procedure

1. Observe the user access management process for managing privileged access to trusted data environments in accordance with organization policies and verify the following:
   • Creation and allocation of privileged user accounts/IDs on the information systems is controlled through a formal authorization process.
   • Privileged access to trusted data environments is enabled through an authorized session manager.
   • Privileged access rights are allocated to users on a time-bound, need-to-use basis and on an event-by-event basis in line with the access control policy, i.e. based on the minimum requirement for their functional roles, and shall be revoked after that defined time period.
   • All session user activities are recorded and tunnelling to untrusted data environments is restricted.
2. Inspect the list of users that have privileged logical access to trusted data environments.
3. For a sample of users, inspect screenshot evidence showing that privileged access to trusted data environments is granted by an authorized session manager.
4. Inspect configuration showing that session user activity is recorded.
5. Inspect configuration showing that tunnelling to untrusted data environments is restricted.

Audit Artifacts

E-IAM-01
E-IAM-29
E-IAM-30
E-IAM-31
E-IAM-32

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
