What to Provide
A screenshot demonstrating all users with privileged access to the production server Operating System (OS).
Evidence Format
Screenshots or exported images in a common image file type such as .jpg, .png, or .pdf.
Additional Guidance
This evidence should demonstrate all users who are able to make changes to the OS on your production servers and virtual machines. Changes to the operating system include the ability to:
Run elevated and privileged commands on the OS
Add other privileged users to the OS
Create, modify, or delete configurations on the OS
If the CSP service plan utilized in the production environment is serverless in nature (e.g., AWS Lambda, GCP App Engine, Azure App Service), please (1) indicate which serverless CSP service plan(s) are utilized in the production environment, and (2) mark this Evidence Request as N/A.
NOTE (1): If direct access to the production servers is governed via the CSP console (e.g., AWS Session Manager), please (1) note in the "Evidence Description" section of the ER all of the specific groups/role permissions that would provide a user privileged access to the production servers through the CSP console authentication mechanism, and (2) provide a screenshot of all users assigned to the associated groups/role permissions that would provide privileged access to the production servers.
NOTE (2): If SSH keys to access the production servers are stored within a password vault, please (1) note in the "Evidence Description" section of the ER all of the specific vaults in which SSH keys to production servers are stored, and (2) provide a screenshot of all users with access to the keys within the dedicated shared vault(s) that would provide privileged access to the production servers.
Related Articles
Example Evidence
Windows Server
Linux Server
| Associated Unified Control ID | Associated Framework Control |
| --- | --- |
| CTRL-9 | LCL-32 |