T5.5.4 - USE OF SYSTEM UTILITIES Implementation Guidance
The entity shall restrict and control the use of utility programs that might be capable of overriding system and application controls.
Back to T5.5.4 - P4 - USE OF SYSTEM UTILITIES
The following guidelines for the use of system utilities should be considered:
- A. Use of identification, authentication, and authorization procedures for system utilities
- B. Segregation of system utilities from applications software
- C. Limitation of the use of system utilities to the minimum practical number of trusted, authorized users
- D. Authorization for ad hoc use of systems utilities
- E. Limitation of the availability of system utilities, e.g. for the duration of an authorized change
- F. Logging of all use of system utilities
- G. Defining and documenting of authorization levels for system utilities
- H. Removal or disabling of all unnecessary software based utilities and system software
- I. Not making system utilities available to users who have access to applications on systems where segregation of duties is required
