
PAM Journey Assessment Mapping Tool

 

Assess Your PAM Maturity

Privileged Access Management (PAM) is critical to protecting your organization from identity and privilege-based cyberattacks. This self-assessment will help you determine your level of cyber resilience by measuring your ability to address 38 PAM security objectives.

For each of the 38 security objectives included in the assessment, please select the level of coverage you have achieved to date (low, medium, or high). If you have not addressed the security objective at all, or if it isn’t applicable to your needs, please answer NA.

After you complete the self-assessment, you will immediately receive a personalized report. In addition, a PAM expert will reach out for a personalized review of your current state of maturity and help you determine next steps to accelerate your success path.

 

What to know before you begin 

For maximum accuracy and efficiency, you’ll want to have a detailed understanding of your current PAM capabilities before you begin the assessment, as you won’t be able to save your answers and return. Gather inputs for each of the 38 security objectives and review with your team. You can see the complete list of objectives and a sample of the assessment report below.

Step 1 of 5

To what degree do you:
Support dual authorization for privileged operations on critical or sensitive secrets and assets. For example, requiring just-in-time privileged access approval or doublelock to provide an extra layer of security for accessing secrets.
Access Control

 
Support just-in-time access requests for elevated permissions to run privileged commands and applications on workstations and servers.
Access Control

 
Control application launch with local controls enforcing privilege elevation policies on Windows and Mac workstations.
Access Control

 
Minimize local privileged accounts on Linux and UNIX to reduce the attack surface and align with the Principle of Least Privilege and zero standing privileges.
Access Control

 
Prohibit privileged access by any client that is unknown, not secured, and untrusted.
Access Control

 
Vault and manage the lifecycle of services/applications from provisioning to deprovisioning to rationalize the number of accounts and reduce the attack surface.
Account Lifecycle Management

 
Enable automatic rotation of discovered service/application account passwords. Password complexity rules can be configured. Frequent rotation and password complexity contribute to password entropy and reduce the window of opportunity for password cracking.
Account Lifecycle Management

 
Automate the credential management for service/application accounts and their dependencies. Ensure that when rotating a service/application account password, you don't break any other service dependent on the same account.
Account Lifecycle Management

 
Remove plaintext, hard-coded credentials and sensitive configuration data from source code, configuration, and script files, and replace them with programmatic calls to the vault to obtain secrets and credentials. This prevents adversaries from harvesting sensitive data on the disk.
DevOps

 
Establish policies around secret checkout and session launching. Self-service request workflows, built into the PAM platform or provided via integrations with third-party workflows such as ServiceNow, allow the user to request additional access. This helps align with best practices such as zero standing privileges.
Identity Governance

 