Governance & Hygiene

Account lifecycle and hygiene practices

8 controls
1 auto-remediable

GOV-01 | Medium | Level 1

Review Stale User Accounts

Unused accounts are common attacker footholds. Accounts left behind by former employees or contractors, or simply forgotten, can be compromised without detection. Regular review ensures only active users retain access.

GOV-05 | Low | Level 1

Maintain Group Naming Conventions

Consistent naming conventions improve governance, make groups easier to find, and indicate their purpose at a glance. Random or inconsistent group names suggest poor organizational hygiene and make administration harder.

GOV-07 | High | Level 1

Audit Privileged Role Assignments

Privilege creep happens gradually. Without a baseline of who should have admin rights, you cannot detect unauthorized role assignments. Regular auditing ensures only authorized users retain privileged access.

GOV-02 | Medium | Level 2 | Auto-fix

Automatically Disable Stale Accounts

Manual reviews miss accounts. Automated disabling ensures that former employees, forgotten accounts, and inactive identities cannot be used by attackers. The 14-day warning prevents disruption for legitimate users.

GOV-03 | High | Level 2

Conduct Quarterly Privileged Access Reviews

Over time, users accumulate privileges they no longer need. Access reviews force managers to justify each privileged assignment, preventing privilege creep and reducing risk from over-entitled accounts.

GOV-06 | Medium | Level 2

Entitlement Management

Without structured access provisioning, users accumulate permissions over time. Entitlement management bundles resources into governed access packages with approval workflows and automatic expiration.

GOV-08 | Low | Level 2

Administrative Unit Boundaries

Without administrative boundaries, any admin with sufficient permissions can manage all users. Administrative units create delegation boundaries, and restricted management prevents higher-privileged admins from overriding unit-scoped administrators.

GOV-04 | High | Level 3

Automate Threat Response with SOAR

Manual incident response takes hours. Automated playbooks respond to threats in seconds. Level 3 organizations minimize attacker dwell time by automatically containing compromised accounts.

TrueConfig continuously monitors your Microsoft 365 tenant and helps you maintain compliance with these security controls.