> On Dec 7, 2017, at 1:37 PM, Mark Jacobs - Listserv <[email protected]> wrote:
>
> We have an emergency use userid with its password "locked in a safe",
> which can be used by authorized people when/if needed. How do other
> organizations better control something like this? I'm asking since we're
> implementing MFA for "special" userids, and I don't know how to fit this
> shared userid into the MFA framework.
> --

Mark,

At one place I worked the sealed IDs were in the DC supervisor’s office. It was a joke; every month or two they would find a need for them. NOT one was reasonable. I was on the group that did a day-after run-through and it was a joke, but we couldn’t figure a way around it. As long as the DC looked the other way it was a risk that management went along with. If we had had an auditor that knew what he/she was doing we could have cut it way back. You really, really need an auditor that goes after violations like a mad dog, IMO.

Ed

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
