This page contains information about recommendations that remain open because the OIG determined that the Department had not fully implemented corrective actions. The OIG reports the funds put to better use, questioned costs, restitution, funds returned to the Department, and penalties and court costs associated with all recommendations in its Semiannual Reports to Congress.
Open Recommendations
Implement procedures to ensure a complete and updated listing of administrative user accounts of Linux servers is included in the review process.
Define and implement a process for reviewing all Linux server administrators, including those found within the wheel group with root access.
Implement a formalized process to validate or follow up on account removal actions identified during the semi-annual review process to ensure that user accounts align with job responsibilities and least privilege concepts.
Implement system access authorization processes for Splunk administrators to include separation of duties controls. When separation of duties cannot be achieved for conflicting roles, assess the risk and document the control deviation and risk-based decisions.
Ensure that audit log collection and retention is implemented in accordance with Federal and site-level policies and procedures.
Ensure account passwords are reset, and documentation retained, whenever an individual with access to service accounts leaves BEA or is no longer in a role requiring such access.
Update and implement existing configuration management procedures for all servers, printers, and services on the production network to enforce changing default credentials before the server or printer is connected to the network.