Elevated Privileges (EP) allow you to perform configuration changes or other advanced functions on your computer that ordinary users are not authorized to perform. Some examples are to install home printers, troubleshoot a home Internet connection, install approved software for development work, run custom programs, etc.
The granting of Elevated Privileges does not give a user unrestricted authority to change system configuration, install executable software, or to otherwise add/modify/delete existing software products.
Accessing information systems with elevated user privileges greatly increases the risks of security incidents and of unintended and/or detrimental changes to system configurations. It is considered best practice to restrict user rights in order to limit the scope and lessen the opportunity of attacks.
Types of Elevated Privileges
General users are granted elevated privileges for only clearly established purposes that are approved in advance. The only user that can be assigned EP is the end-user to whom that computer is assigned.
Users requiring specialized above core software must have it approved through the HQ Triage 3 Software Approval Process in advance of installation. Changes to baseline system configurations must also be approved in advance of implementation as part of the elevated privileges request.
System Administrators and Software Developers are expected to maintain system configurations within the Agency or locally established baselines. Development of system and application changes and the baselining of new software and applications are expected to occur in development environments and/or the software engineering facilities. All changes must be approved through the Change Control Board prior to implementation on production systems.
|Users granted elevated privileges who fail to follow these guidelines will have their elevated privileges terminated. Additionally, they may be subject to disciplinary action for failure to abide by appropriate use guidelines. See ITS-HBK-2810.15-02A and the NASA HQ Appropriate Use Policy for more information.
NASA Headquarters personnel may request short-term (up to 30 days) or long-term (up to 364 days) elevated privileges if required to accomplish your NASA mission.