What makes Attestation Difficult? (2 of 3)

Posted on by

First there is no built-in mechanism to enforce an attestation policy or help perform the access reviews. Microsoft Windows Server and Microsoft Active Directory use groups as the basic mechanism to control access to resources, and most non-Microsoft operating systems and directories use them as well. Because groups are universally accepted as the method by which users are authorized to use a resource, many vendors provide the ability for group attestation as part of access management solutions. This functionality is intended to satisfy audit or security requirements.   

Unintended Access Senario

Unintended Access Senarion (Click to enlarge)

 
Read Part 3 of 3 here http://www.bobbobel.com/active-directory/will-my-audit-fail-without-attestation-part-3-of-3/

One thought on “What makes Attestation Difficult? (2 of 3)

  1. Pingback: What is Attestation? (Part 1 of 3) | Bob's Identity & Access Blog ®

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>