Information systems are the backbone of federal websites and digital services. Our customers expect our services to be secure and trustworthy, and we need to manage this infrastructure to meet their expectations. A key part of this work is managing privileged users’ accounts.
Privileged users perform various security-related duties that make them targets for cybercriminals or malicious insiders. The misuse or compromise of privileged user accounts has resulted in the most high-profile federal and private security breaches. Therefore, it is critical for federal agencies to identify privileged users and protect their access to high-value assets.
The General Services Administration’s (GSA) Identity, Credential, and Access Management (ICAM) team has created the Privileged Identity Playbook as a practical guide to help federal agencies manage their privileged user accounts as part of an overall agency ICAM program. Managing privileged user accounts actively decreases the cyber risk to your agency’s mission.
The three main ways to identify a privileged account or user are:
- Administrators with access to manage IT infrastructure, resources of high-value assets, and core systems, such as maintenance activities on human resource applications or databases.
- Help desk personnel with elevated privileges to perform security-relevant processes, such as installing software on user laptops or changing endpoint configuration settings.
- Managers who approve or recertify access or accounts.
You should manage privileged users as distinct and separate identities to decrease the risk to your agency’s missions if they’re compromised. Without the proper management of privileged users and accounts, your agency’s cybersecurity risks can increase. For example, employees and contractors with privileged access can:
- Jeopardize sensitive information or infrastructure, knowingly or unknowingly.
- Compromise the three core elements of information security: availability, confidentiality, and integrity.
Your agency can use the Privileged Identity Playbook to manage privileged users following governmentwide best practices. The playbook includes a four-step process aligned with the Federal Identity, Credential, and Access Management Architecture (FICAM), designed for insider threat, identity management, and risk management professionals interested in mitigating privileged user risk. For risk management professionals, the playbook also includes a NIST 800-53 revision 5 privileged user control overlay. We also encourage agencies and other IT program participants, such as cybersecurity program managers, to tailor this playbook to fit their unique organizational structure, mission, and technical requirements.
The Privileged Identity Playbook supplements existing federal IT policies and builds on the Office of Management and Budget Memorandum (OMB) Memo 19-17 - Enabling Mission Delivery through Improved Identity, Credential, and Access Management (PDF, 1 MB, 13 pages) and OMB Memo 22-09 - Federal Zero Trust Strategy, as well as existing federal identity guidance and playbooks.