Keep a limited and updated list of system administrator accounts

An up-to-date list of exceptional rights granted to certain users keeps special access under control, helps auditors perform their duties, and upholds the principle of least privilege. (Users have all the rights they need for their work, but no more.)

By updating and regularly evaluating the list of administrator accounts, it is possible to detect abuse or rights that are not necessary for daily work activities. Limiting accounts to those that are really necessary reduces the window of attack for malicious software.