From e6b9fdaa98eb12acf5f32486d1a1225d96960f1c Mon Sep 17 00:00:00 2001 From: Jonathan-Scott14 <104072141+Jonathan-Scott14@users.noreply.github.com> Date: Mon, 20 Nov 2023 17:04:03 +0000 Subject: [PATCH] Update principle-least-access.html.md.erb Review by A Dion. Minor changes and text added. --- source/standards/principle-least-access.html.md.erb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/source/standards/principle-least-access.html.md.erb b/source/standards/principle-least-access.html.md.erb index cda6fa39..8ef124ad 100644 --- a/source/standards/principle-least-access.html.md.erb +++ b/source/standards/principle-least-access.html.md.erb @@ -1,6 +1,6 @@ --- title: Principle of Least Privilege -last_reviewed_on: 2023-03-22 +last_reviewed_on: 2023-11-20 review_in: 6 months --- @@ -8,6 +8,8 @@ review_in: 6 months The [principle of least privilege][polp] involves setting up user accounts so they can only access and use the information they need for specific tasks. This can also apply to processes and individuals who might have to switch between normal access and the increased access of a superuser account as part of their work. +All access provisioned for use within GDS must be provided on a least privilege basis + Examples of privileged or higher security access are: - root access 
@@ -24,13 +26,17 @@ You should use the principle of least privilege if you: Your team should: -- make users aware of this policy and have a process for them to request changes to access as needed +- make users aware of this policy and be required to confirm their understanding of their access privileges and related conditions of use +- have a process for them to request changes to access as needed - define roles for users and grant required privileges, or access rights, for those roles - create the roles or credentials with the least possible privilege, with only necessary permissions required for normal users to perform their day-to-day jobs - use the role or credentials with the least possible privilege as the default option - use just-in-time (JIT) access provisioning to grant users an on-demand, time-limited privileged role or security token to access the privileged resources - make sure session time of the privileged access is set to no more than 12 hours, and/or terminates when the user logs out of their laptop - establish an audit trail for the use of privileged access +- ensure approval and use of privileged accounts is kept to the absolute minimum necessary for a user to perform their job role +- in cases where JIT access is not implemented for users with privileged access that have critical business impact, implement a documeneted periodic review (cadence to be defined) of the need to continually have these privileged access granted to confirmed users +- have a Joiners, Movers and Leavers process, where line managers (or equivalent) arrange for privileged access to be removed (SLA to be defined) where it is not required. See this [NCSC guide on identity management](https://www.ncsc.gov.uk/guidance/introduction-identity-and-access-management) for more information. ## Examples
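Review bot: the added sentence "All access provisioned for use within GDS must be provided on a least privilege basis" in the first content hunk is missing its closing full stop, and it introduces a hard "must" in a section that is otherwise descriptive ("involves setting up", "can also apply") while the section below still opens "You should use the principle of least privilege if you:", so the page says both that least privilege is mandatory and that it applies conditionally. Suggest ending the sentence with a full stop and either moving it to sit directly above the "Your team should:" list or rewording the conditional section so the two statements agree.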
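Review bot: in the "Your team should:" hunk the new periodic-review bullet has a typo, "documeneted" should be "documented", and its wording is ambiguous: "users with privileged access that have critical business impact" could refer to the users or to the access, and "continually have these privileged access granted to confirmed users" is ungrammatical; suggest something like "implement a documented periodic review (cadence to be defined) of whether each user still needs the privileged access they hold". The two new placeholders, "(cadence to be defined)" and "(SLA to be defined)" in the Joiners, Movers and Leavers bullet, leave a standards page without the values a team would be held to; either set them in this change or record an owner and due date for them so they are not forgotten. In the split first bullet, "be required to confirm their understanding" does not read as an instruction to the team like the other bullets do; "require them to confirm their understanding of their access privileges and related conditions of use" keeps the list's imperative form.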