Shared Account Password Management in the Federal Government: Then and Now

One of my first consultant jobs involved installing agents on Unix servers, a procedure which required root access. I still remember the first time I was onsite at a military base to help a customer install the software because it was also my first experience with a physical vault that stored computer passwords. When it came time to enter in the root credentials, my client made a phone call, and then this other person comes in from down the hall, opens up a wall safe using a memorized combination and pulls out a folder. This person verifies my client’s badge…

The Myth of Shared Account Password Management (SAPM)

In response to the OPM breach and Tony Scott’s 30-day sprint, many agencies invested in a SAPM solution to manage their privileged users. Unfortunately, this does not meet the requirements of HSPD-12 and multi-factor authentication (MFA) everywhere, or the CDM authentication and credential requirements. The reality is that SAPM solutions only cover 5%-10% of the problem. A true Super User Privileged Management (SUPM) solution is the only way to ensure that everyone in every organization is using a smart card (CAC/PIV) and a PIN, plus a third level of authentication to access all resources….