UnixTime

Research Note

A.8.2 Audit Checklist

Use this checklist during an internal audit of privileged access allocation, use, monitoring, emergency access, and removal.

On this page

When to use this

Use this checklist during an internal audit of privileged access allocation, use, monitoring, emergency access, and removal.

Audit checklist

  • Review privileged access policy/procedure.
  • Review privileged access register.
  • Sample privileged access approvals and justifications.
  • Check separate privileged identities where feasible.
  • Check privileged activity logging.
  • Review log protection and retention.
  • Sample privileged activity reviews.
  • Review emergency access records and post-use reviews.
  • Check privilege removal after role change or end of need.
  • Interview privileged users.

Findings table

User/system Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD