The issuance and use of privileged accounts in agencies shall be restricted and controlled by system administrator management in the agency.
- A. Agencies shall develop processes to ensure that if a privilege account is issued, the use of such privileged accounts is monitored by the manager of system administration, or the CIO.
- B. Agencies shall promptly investigate any suspected misuse of these accounts by the manager of system administration or DoIT or an agency approved independent contractor.
- C. Agencies shall change passwords of system privileged accounts no less than every 60 days.
[1.12.20.11 NMAC - N/E, 04/14/2010]