Notice ID: 28321323RI0000049
The Social Security Administration (SSA or agency) is interested in a solution that would provide protections on the local administrator group. If anyone in the agency has access to the local admin group, they can create their own management groups without any governance. This could lead to an attacker getting access to a credential with rights to a particular system and adding access without authorization.
SSA requires a commercial-off-the-shelf (COTS) centralized system where we can govern and control the local administrator group for Windows endpoints.
The system must meet the following requirements:
The solution should enforce the principle of just-in-time, just-enough access. Just-in-time access is a security practice where privileged access is limited to predetermined periods of time, on an as-needed basis.
The ability to leverage Active Directory groups to control local administrator rights.
Personal Identity Verification (PIV) authentication to access the system.
The solution should reside on-premises or in the agency’s private cloud infrastructure. If the solution is cloud-based, it must be listed in the FedRAMP Marketplace and rated FedRAMP Moderate.
Critical outage support should be available 24/7/365.
General operational support can be available during core business hours in the Eastern time zone.
Installation support should be available after core business hours.
It is preferable that the system meet the following requirements:
The ability to govern and control the local administrator group on non-Windows endpoints such as *NIX or Mac.