M0918 User Account Management
Manage the creation, modification, use, and permissions associated to user accounts.
Techniques Addressed by Mitigation
Domain |
ID |
Name |
Use |
ics |
T0811 |
Data from Information Repositories |
Ensure users and user groups have appropriate permissions for their roles through Identity and Access Management (IAM) controls to prevent misuse. Implement user accounts for each individual that may access the repositories for role enforcement and non-repudiation of actions. |
|
|
|
|
ics |
T0822 |
External Remote Services |
Consider utilizing jump boxes for external remote access. Additionally, dynamic account management may be used to easily remove accounts when not in use. |
|
|
|
|
ics |
T0838 |
Modify Alarm Settings |
Limit privileges of user accounts and groups so that only designated administrators or engineers can interact with alarm management and alarm configuration thresholds. |
|
|
|
|
ics |
T0886 |
Remote Services |
Limit the accounts that may use remote services. Limit the permissions for accounts that are at higher risk of compromise; for example, configure SSH so users can only run specific programs. |
|
|
|
|
ics |
T0881 |
Service Stop |
Limit privileges of user accounts and groups so that only authorized administrators can change service states and configurations. |
|
|
|
|
ics |
T0859 |
Valid Accounts |
Ensure users and user groups have appropriate permissions for their roles through Identity and Access Management (IAM) controls. Implement strict IAM controls to prevent access to systems except for the applications, users, and services that require access. Implement user accounts for each individual for enforcement and non-repudiation of actions. |
|
|
|
|