Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
1
-
Description
This suggestion comes from a general security finding.
There is no alert in place when a new privileged user to a system is assigned. This increases the likelihood that unauthorized assignment to a privileged account goes undetected.
Assigning a new privileged user to a system should trigger an alert for review to ensure the assignment was authorized.
How that alert is processed could be an in application notification, an email alert to administrators, or an in-application audit log GUI (like JIRA's implementation).