
Standard Operating Procedure

The Break Glass Account Access Procedure outlines the secure use of Break Glass Accounts for emergency access to network infrastructure components when normal access is unavailable. It specifies conditions for use, management practices, access procedures, and monitoring requirements to ensure security and compliance. Unauthorized use is considered a serious violation with potential disciplinary actions.

Uploaded by

aasimmuneerwp

Standard Operating Procedure (SOP)

Title: Break Glass Account Access Procedure


Applies To: HP Aruba ClearPass, Aruba Switches, and Wireless Controllers
Department: IT Infrastructure / Network Security
Prepared By: [Your Name]
Date: [Date]

1. Purpose

To define a standard procedure for the secure usage of Break Glass Accounts in the event of
an emergency where normal administrative access is not available.

2. Scope

This procedure applies to all network infrastructure components including:

• HP Aruba ClearPass NAC
• Aruba Switches
• Aruba Wireless Controllers

3. Definition

A Break Glass Account is a pre-configured, local administrative account with elevated
privileges, intended solely for emergency access when centralized authentication mechanisms
such as RADIUS, LDAP, or TACACS are unavailable.

4. Conditions for Use

Break Glass Accounts must only be used under the following conditions:

• Authentication server(s) are unavailable or unresponsive.
• AAA services are misconfigured or down.
• Critical failure requiring immediate administrative access.

Use of these accounts outside of the above scenarios is strictly prohibited.

5. Account Management

Internal
• Break Glass accounts must be disabled by default.
• Passwords must be complex and stored in a secure password vault (e.g., CyberArk,
  KeePass, etc.).
• Passwords must be updated every 90 days and immediately after each use.

6. Access Procedure

1. Notify the IT Security Team about the intended use of a Break Glass Account.
2. Enable the Break Glass Account locally on the device.
3. Retrieve credentials from the secure vault.
4. Perform necessary troubleshooting or restoration tasks.
5. Disable the Break Glass Account immediately after use.
6. Document the incident, including:
   o Reason for access
   o Time and date of access
   o Actions taken
   o Individuals involved

7. Monitoring and Logging

• All Break Glass access events must be logged.
• Syslog, ClearPass Access Tracker, and switch/controller logs should be reviewed
  post-incident.
• Alerts must be configured in the SIEM system for any login using Break Glass
  credentials.
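
An added example, not part of the original SOP: one way to express the alert rule above together with the rotation rule from section 5, run over constructed log lines. The account name `bg-admin`, the log layout and the notified-window records are assumptions for illustration, not ClearPass or Aruba formats.

```python
import re
from datetime import datetime, timedelta

BREAK_GLASS_USERS = {"bg-admin"}          # assumed account name
MAX_PASSWORD_AGE = timedelta(days=90)     # rotation interval from section 5
# Constructed log layout for illustration; not a ClearPass or Aruba format.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>success|failure) "
                     r"user=(?P<user>\S+) method=(?P<method>\S+) src=(?P<src>\S+)$")

def break_glass_alerts(lines, notified_windows):
    """Alert on every break-glass attempt; escalate those outside a notified window.

    notified_windows: (host, start, end) tuples recorded when the IT Security
    Team was notified before the account was enabled (hypothetical record).
    """
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["user"] not in BREAK_GLASS_USERS:
            continue
        ts = datetime.fromisoformat(m["ts"])
        notified = any(h == m["host"] and start <= ts <= end
                       for h, start, end in notified_windows)
        alerts.append({"time": ts, "host": m["host"], "src": m["src"],
                       "result": m["result"],
                       "severity": "review" if notified else "critical"})
    return alerts

def rotation_due(last_rotated, last_used, now):
    """True if the password is older than 90 days or was used since rotation."""
    used_since = last_used is not None and last_used > last_rotated
    return used_since or now - last_rotated > MAX_PASSWORD_AGE

# Constructed sample data.
SAMPLE_LOG = """\
2025-03-01T02:14:07 sw-core-01 auth: success user=netops1 method=tacacs src=10.0.5.20
2025-03-01T02:31:44 sw-core-01 auth: success user=bg-admin method=local src=10.0.5.20
2025-03-04T23:50:12 wlc-02 auth: failure user=bg-admin method=local src=10.0.9.77
2025-03-04T23:50:40 wlc-02 auth: success user=bg-admin method=local src=10.0.9.77
""".splitlines()
WINDOWS = [("sw-core-01", datetime(2025, 3, 1, 2, 20), datetime(2025, 3, 1, 4, 0))]

if __name__ == "__main__":
    for a in break_glass_alerts(SAMPLE_LOG, WINDOWS):
        print(a["severity"], a["time"].isoformat(), a["host"], a["result"], a["src"])
    print("rotation due:", rotation_due(datetime(2025, 1, 10),
                                        datetime(2025, 3, 1, 2, 31), datetime(2025, 3, 5)))
```

Failed attempts are reported as well as successful ones, since the account is meant to be disabled outside an emergency.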

8. Periodic Review and Testing

• Test Break Glass Account access quarterly to ensure functionality.
• Conduct periodic audits to verify account integrity and compliance.

9. Violations

Unauthorized use of Break Glass Accounts is a serious security violation and may result in
disciplinary action including access revocation, suspension, or termination.

10. Document Control

• Version: 1.0
• Last Reviewed: [Date]
• Next Review Due: [Date + 1 Year]
• Approved By: [Approver Name]

End of Document
