The standard, “Granting and Restricting Elevated Workstation Privileges", (or just "Elevated Workstation Privileges") was extensively changed and renamed to Administrative Privileges on University Endpoints Procedure. The document was changed from a standard to a procedure because it details what steps you must take to be compliant. In addition, the orientation was changed from user and privilege focus to being aligned with the UVA data classifications and elevated administrative privileges.
Reviewing carefully the revised standard/new procedure is highly recommended.
CHANGED
The following phrases were changed:
- “elevated workstation privileges” became “elevated administrative privileges”
- “Workstation” became “Endpoint”
- “Workstation manager” became “Endpoint manager”
- “permanent” became “persistent”
The tables were simplified into one small table. Please consult the actual procedure.
ADDED
Procedures for endpoint managers and the difference between temporary and persistent elevated administrative privileges.
The requirement of an asset inventory of all endpoints on which the assigned user has elevated administrative privileges.
New Related Links were added to the procedure.
As with all our standards and procedure revisions, this one was reviewed by the Information Technology Services (ITS) directors, the Security Advisory Committee, and the Information Security leadership team and approved by the Jason Belford, CISO.
A carefully review of the revised/new procedure is highly recommended.
Printer-friendly version