Step 8 - Establish the Privilege Management Life Cycle

Privilege management is the process of defining and managing the permissions associated with a subject. The authorization decision relies on the presence or absence of one or more access permissions. Similar to the Data Management Life Cycle, the Privilege Management Life Cycle supports the periodic refresh of this data so that access decisions are not based on expired, incorrect information.

As you work towards automated access control for protected resources, you should incorporate the ability to dynamically determine privileges, which will allow for a more flexible and adaptive access control solution that enables the automatic provisioning of unanticipated users.

Checklist

 Define Access Permissions. Examine source systems to determine available permission attributes and selecting those that are necessary to determine access permissions.

 Provision Access. Create user access accounts and assigning access privileges associated with selected agency resources.

 Review Periodically.* Implement mandatory control mechanisms to revalidate access levels and modifying permissions at regular intervals related to the risk of the protected resource. Access privileges may require adjustment based on promotions, job changes, role changes, situational variations, etc.

 De-provision Access. Removing user access permissions to resources when access is no longer required to complete job duties or when the individual leaves the organization.