This article provides additional information on how you can meet the requirement for the CAF control – B4.c Secure Management.
Secure System Administration
- Systems that support managed services should be administered securely and only by authorised privileged users using trusted, controlled devices.
- Privileged access should be managed through policies such as:
  - Access Control Policy
  - Account Administration Policy
- Permissions should be reviewed regularly using a system such as Adoptech.
Documentation and Configuration Management
- Network diagrams, system documentation and configuration records should be kept up to date.
- These documents should be stored securely and reviewed whenever systems or architecture change.
Maintaining a Secure Operating Environment
- Malware and unauthorised software should be prevented, detected and removed using layered technical controls such as:
  - endpoint protection
  - application allow-listing
- Procedural controls and privileged account monitoring should support these technical safeguards.
- A least-privilege approach and strong boundary controls should be used to reduce the risk of unauthorised changes or compromise.