The 11 objectives shown in bold are the ones that specifically set TechIDManager apart as a privileged account management tool from the tools MSPs commonly use to address this need, such as documentation, password vaults and privileged access solutions.
3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
3.1.2 Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts.
3.3.2 Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.
3.5.1 Identify information system users, processes acting on behalf of users, or devices.
3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created.
3.5.10 Store and transmit only encrypted representations of passwords.
18.104.22.168 Ensure that all system users have been assigned a unique identifier
5.2 Use unique passwords
5.4 Restrict administrator privileges to dedicated administrator accounts
5.6 Centralized account management
6.1 Establish an access granting process
6.2 Establish an access revoking process
6.5 Require MFA for administrative access
6.8 Define and maintain role-based access control
AC.1.001 Authorized Access Control: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
AC.1.002 Transaction & Function Control: Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
AC.2.007 Least Privilege: Employ the principle of least privilege, including for specific security functions and privileged accounts.
8.1.1 Define and implement policies and procedures to provide accurate user identity management for non-consumer users and administrators in all system components.
8.1.3 Immediately revoke access for terminated users.
8.1.4 Remove or disable inactive user accounts within 90 days.
8.1.5 Manage the IDs used by third parties to access, support, or protect system components remotely.
8.2.3 Passwords must be at least seven characters and contain numeric and alphabetic characters.
8.2.4 Change user passwords at least every 90 days.
8.2.5 Do not allow a new password to be created that is the same as any of the last four passwords used.
8.5 Do not use group, shared, or public IDs, passwords, or other authentication methods.
8.5.1 Additional requirement for service providers only: service providers with remote access to customer premises should use unique authentication information for each customer.
8.6 Authentication mechanisms must not be shared among multiple accounts and physical and/or logical controls must be in place to ensure only the intended account can use that mechanism to gain access.
164.312(a)(2)(i) Unique user identifier