Privileged Identity Management
- Privileged Identity Management (PIM) is a subset of identity management focused specifically on managing and securing the accounts and identities that have elevated or administrative access to critical IT systems.
- The main goals of PIM are to control, monitor, and protect the access of privileged accounts to prevent breaches or misuse. PIM includes the following functions:
    - Access Controls
        - Ensuring that only people who need access have it
    - Credential Management
        - Ensures strong authentication controls, such as complex/rotating passwords and MFA
    - Session Management and Monitoring
        - Track and record activities of privileged accounts, which helps to detect misuse or malicious activity
    - Least Privilege Enforcement
        - Only assign the minimum permissions to the account to limit an attacker's ability to pivot
            - e.g., restricting account permissions for IT administrators' user accounts, and creating new accounts to enable administrators to perform specific tasks or maintain specific servers
    - Audit and Compliance
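
An added example, not part of the original notes: a small audit that checks a privileged-account inventory against the functions listed above. The inventory, its field names, the role names and the 90-day rotation window are assumptions made for illustration.

```python
from datetime import date

# Assumed policy values (not from the notes): rotation window and the
# role names treated as privileged.
MAX_PASSWORD_AGE_DAYS = 90
PRIVILEGED_ROLES = {"domain_admin", "server_admin", "db_admin"}

# Constructed sample inventory; every field name here is hypothetical.
ACCOUNTS = [
    {"name": "alice", "kind": "daily", "roles": {"domain_admin"},
     "mfa": True, "pw_changed": date(2024, 5, 1), "scope": {"*"},
     "session_recording": False},
    {"name": "alice-adm-sql01", "kind": "admin", "roles": {"db_admin"},
     "mfa": True, "pw_changed": date(2024, 5, 20), "scope": {"sql01"},
     "session_recording": True},
    {"name": "bob-adm", "kind": "admin", "roles": {"server_admin"},
     "mfa": False, "pw_changed": date(2023, 11, 2), "scope": {"*"},
     "session_recording": True},
    {"name": "carol", "kind": "daily", "roles": set(),
     "mfa": True, "pw_changed": date(2024, 1, 10), "scope": set(),
     "session_recording": False},
]

def audit(accounts, today):
    """Return {account name: [findings]} for privileged accounts only."""
    report = {}
    for acct in accounts:
        if not acct["roles"] & PRIVILEGED_ROLES:
            continue  # not a privileged identity, out of PIM scope
        findings = []
        if acct["kind"] != "admin":
            findings.append("access: privileged role on a day-to-day user account")
        if not acct["mfa"]:
            findings.append("credential: MFA not enforced")
        if (today - acct["pw_changed"]).days > MAX_PASSWORD_AGE_DAYS:
            findings.append("credential: password overdue for rotation")
        if not acct["session_recording"]:
            findings.append("session: activity not recorded")
        if "*" in acct["scope"]:
            findings.append("least privilege: not scoped to specific servers")
        report[acct["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(ACCOUNTS, date(2024, 6, 1)).items():
        print(name, "OK" if not findings else findings)
```

The per-account findings double as input for the Audit and Compliance function, since they record which control each privileged account fails.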
#defs_sec