Administrator Accounts

Tenable provides several default roles. Administrators have the highest level of access to an organization's systems and data. An administrator can perform a wide range of tasks, such as creating new user accounts, modifying system configurations, and deleting data. As a result, administrators have potentially destructive capabilities and pose a significant security risk if their credentials are compromised. Administrator accounts that are not Single Sign-On enabled must be protected with a strong password that is kept in a password vault, and Multi-Factor Authentication (MFA) must be enforced.

To mitigate this risk, it is important to limit the number of users who have admin privileges to only those who truly need them to perform their job responsibilities. This typically includes IT staff, system administrators, and senior management. By limiting the number of users with admin access, organizations can reduce the likelihood of insider threats or accidental misuse of admin privileges.