

Privileged access management
Privileged accounts – accounts that have elevated access or permissions – present a high risk to CBA. These accounts are high priority targets for malicious cyber actors, as they can access our most sensitive information and are able to perform special activities, such as installing and modifying software, changing network configurations or bypassing and modifying security controls.
It is essential that privileged access to Doug’s service is tightly managed to prevent unauthorised access to information held on our network. The IAM Standard explains a number of key privileged access management requirements such as:
- role-based access control
- registration and auditing of privileged accounts
- provisions for emergency access and shared and general account management
Further guidance on how to implement these requirements is available in the Privileged Access Management Guideline.