Reference Sample Risk:
Recommended Corrective Action
T-8, T-23, T-24,
Notification is not performed when account changes are made.
The lack of notification allows unauthorized changes to individuals who elevate permissions and group membership to occur without detection.
Enable auditing of all activities performed under privileged accounts in GPOs and develop a process to allow these events to be reviewed by an individual who does not have Administrative privileges.