Domain Forest Administration 589

  • All,
    I’m fairly new to this so a little advice might be nice for me - I have to apply for Domain rights to be given to my login account so that we have a suitable audit trail. If I apply for an account that is a NT service account then I would know the password and a number of others and therefore the audit trail is no longer specific to me as a user - does SOX have any guidelines about this and where can I look.
    Sorry if this is a daft question but I can’t find abything at the moment that’s even similar to this.

  • There is no ‘do this, and then you comply’ guidelines
    What you have to do is to prove that your controls are adequate to mitigate any potential risk that might have a major impact on the numbers in your SEC filings.
    For IT compliance, look into cobit
    And regarding your NT account policy, me thinks it looks a little bit(ok - alot) fishy

  • hi
    We came across this in our own audit. Wherever possible it is advisable to use named accounts, and to restrict access to generic accounts, for the reason you mention, to be able to identify activity to a specific user. For some of our technology we are not able to use separate accounts, so we had to introduce additional (compensating) controls around these accounts, such as severly restricting access, storing generic passwords in separate safes according to the administrators who would use them, or changing default admin passwords and allowing only a senior manager to own the password. In the case where you have the option of a named account, audit may well question the need to use a service account

Log in to reply