Security Fundamentals

Compromising privileged accounts is a central objective for any attacker, and CyberArk Privileged Access Manager - Self-Hosted is designed to help improve your organization’s ability to control and monitor privileged activity. As with any security solution, it is essential to secure Privileged Access Manager - Self-Hosted to ensure the controls you have implemented are not circumvented by an attacker.

The controls described in this document are the minimal requirements for protecting your Privileged Access Manager - Self-Hosted deployment, and therefore your privileged accounts. Consolidated by our team, these controls reflect our experience in implementing industry best practices when supporting our customers in installing and operating our products. The requirements are also based upon analysis of various reports made by companies that experienced a security incident and other research data generally available in the industry. Details are included in Digital Vault Security Standard.

It is imperative that you follow as many of these steps as possible in your environment, recognizing there may be other methods that you might want to use based on your organization’s expertise. Review your CyberArk deployment on a regular basis to ensure it complies with industry best practices, including those outlined in this topic. For questions or assistance with designing and implementing these controls or support in reviewing your deployment, contact your CyberArk or partner representative.

Requirements for protecting your CyberArk deployment