Multiuser accounts and shared passwords inherently increase the risk of unauthorized access. Shared passwords may be mishandled, leaked, or shared further, increasing the likelihood of unauthorized individuals gaining access.
The principle of least privilege should be applied to all administrator or otherwise privileged accounts on both IT and OT, in order to reduce the risk of privilege escalation. This control should be measured by ensuring that the principle is being applied when granting privileges and confirming that no accounts are designated as domain administrators.
* Apply principle of least privilege to all administrator / privileged accounts
* Privilege escalation Unauthorized access
* No user account should always have administrator or super-user privileges.
IT and OT assets
NIST CSF: PR.AC, ISA 62443-2- 14.3.3.7.3, ISA 62443-3-3 1
https://www.cisa.gov/sites/default/files/publications/Common_Baseline_v2_Controls_List_508c.pdf
Page 4
Agreed. But it doesn't say "Shared Accounts" or "Shared Passwords"; it says "Multi-User" accounts, which implies they are authorized accounts set up for multiple users. For instance, on a process engineering station with a single login, a trainee logging on will likely have the same privileges as a supervisor on the account - hence privilege escalation. Poor question anyway.
I agree it's A - It escalates the privilege of some of the account users to the highest level required by any of the account multi-users.
If someone is an approved user of a multi-user account, they have authorized access. But too much privilege.