How should manufacturers secure shared workstations that access CUI systems?

Manufacturers should treat shared workstations as high-risk identity enforcement points. Each user must authenticate as themselves, sessions should lock quickly, and reauthentication should be required before access continues after an idle period or handoff. The goal is not only protection, but also clean attribution for logs and assessments.

Why This Matters for Security Teams

Shared workstations in manufacturing are not ordinary endpoints. They often sit between people, plants, and CUI systems, so they become an identity enforcement point as much as a device. If a workstation stays unlocked, uses a generic login, or preserves someone else’s session, the organisation loses clean attribution and weakens access control at the exact place where regulated data is touched. That is especially dangerous when CUI access needs to be tied to a specific person, task, and time.

Current guidance suggests treating these stations like shared control surfaces, not convenience terminals. That means short idle locks, step-up reauthentication after handoff, and strong session separation so one operator cannot inherit another operator’s access. The same logic applies to credentials and tool access used by local applications or scripts, where long-lived secrets create avoidable exposure. In its Ultimate Guide to NHIs, NHI Mgmt Group notes that only 5.7% of organisations have full visibility into their service accounts, a useful reminder that identity gaps are often broader than the workstation itself. In practice, many security teams discover workstation misuse only after an audit trail cannot prove who accessed CUI, rather than through intentional design.

How It Works in Practice

The practical answer is to make the workstation behave like a controlled access gateway. Each operator should authenticate with their own identity, not a shared account, and the workstation should enforce rapid screen locking plus reauthentication after idle time, badge handoff, or task change. For CUI environments, that is only the baseline. Access decisions should also consider the current context, such as shift assignment, physical location, and whether the operator is authorised for that specific production cell or dataset.

Security teams should combine workstation controls with identity governance:

  • Use unique human identities and prohibit shared credentials for CUI access.
  • Bind sessions to the individual operator so logs preserve accountability.
  • Require reauthentication before privileged functions, file exports, or remote support actions.
  • Limit local caching of CUI and prevent pass-through access from previous sessions.
  • Monitor for idle bypasses, kiosk escapes, and session handoffs that defeat lock controls.
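As an added example that is not part of the original article, the following Python script audits a constructed workstation session log against the controls listed above: it flags shared-account logons, activity after the idle-lock window with no reauthentication event, a logon over another operator’s still-open session, and step-up actions such as exports performed without reauthentication. The log format, event names, account names and the five-minute lock threshold are assumptions, not values from any real product.

```python
# Added example: audit constructed shared-workstation session events for
# attribution gaps. Assumed log format: <ISO ts> <workstation> <user> <event>.
from datetime import datetime, timedelta

IDLE_LOCK = timedelta(minutes=5)               # assumed lock policy
SHARED_ACCOUNTS = {"operator", "cell-shared"}  # assumed generic logins
STEP_UP_EVENTS = {"export", "remote_support"}  # require reauth since logon

# Constructed sample events (not real data), in time order per workstation
SAMPLE_LOG = """\
2024-05-01T08:00:00 WS-CELL3 alice logon
2024-05-01T08:02:10 WS-CELL3 alice open_cui
2024-05-01T08:20:00 WS-CELL3 alice open_cui
2024-05-01T08:21:00 WS-CELL3 bob logon
2024-05-01T08:22:00 WS-CELL3 bob export
2024-05-01T09:00:00 WS-CELL7 operator logon
2024-05-01T09:10:00 WS-CELL7 operator reauth
2024-05-01T09:11:00 WS-CELL7 operator export
"""

def parse(log):
    for line in log.splitlines():
        ts, ws, user, event = line.split()
        yield datetime.fromisoformat(ts), ws, user, event

def audit(log, idle_lock=IDLE_LOCK, shared=SHARED_ACCOUNTS):
    """Return (workstation, timestamp, finding) tuples for policy violations."""
    findings = []
    state = {}  # workstation -> current user, last activity, step-up state
    for ts, ws, user, event in parse(log):
        s = state.setdefault(ws, {"user": None, "last": None, "reauthed": False})
        if event == "logon":
            if user in shared:
                findings.append((ws, ts, f"shared account '{user}' used"))
            if s["user"] and s["user"] != user:  # handoff without logoff
                findings.append((ws, ts, f"{user} logged on over {s['user']}'s session"))
            s.update(user=user, reauthed=False)
        elif event == "logoff":
            s["user"] = None
        else:
            idle = ts - s["last"] if s["last"] else timedelta(0)
            if idle > idle_lock and event != "reauth":  # lock not enforced
                findings.append((ws, ts, f"{event} by {user} after {idle} idle, no reauth"))
            if event == "reauth":
                s["reauthed"] = True
            elif event in STEP_UP_EVENTS and not s["reauthed"]:
                findings.append((ws, ts, f"{event} by {user} without step-up reauth"))
        s["last"] = ts
    return findings
```

Running `audit(SAMPLE_LOG)` on the constructed log yields four findings, all of them attribution gaps an assessor would ask about: one idle-lock bypass and one inherited session on WS-CELL3, an unreauthenticated export by the inheriting user, and a shared-account logon on WS-CELL7.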

Where workstations also launch scripts, scanners, or file-transfer tools, the same principle applies to non-human identities and secrets. Long-lived API keys, cached tokens, or hardcoded credentials on a shared terminal can outlive the user session and create hidden access paths. The OWASP Non-Human Identity Top 10 aligns with this risk by emphasising that credentials must be scoped, rotated, and observable. NHIMG’s 52 NHI Breaches Analysis also reinforces that identity failures often cascade from weak credential handling, not just weak passwords. These controls tend to break down in shift-based plants where operators hot-seat a terminal every few minutes because session friction tempts staff to reuse access paths.

Common Variations and Edge Cases

Tighter workstation control often increases operational friction, requiring organisations to balance throughput against traceability and CUI protection. That tradeoff is real in plants with gloves-on workflows, time-sensitive dispatch, or legacy HMIs that were never designed for frequent reauthentication. Best practice is evolving here, but the security objective remains consistent: preserve identity certainty without blocking production.

Common edge cases include service desks, engineering labs, and maintenance carts. A machine may need a shared physical terminal, but that does not justify a shared digital identity. For temporary or break-glass use, current guidance suggests time-limited elevation with explicit approval and strong logging, then immediate revocation after the task ends. If a workstation must support offline operation, organisations should tighten local controls further because cached sessions, delayed logoff, and postponed synchronisation can weaken attribution.

Manufacturers should also review remote vendor support. If a third party accesses CUI from a shared station, the session should still be tied to a named identity, and support access should be separately authorised and recorded. This is where NHI governance intersects with endpoint hardening: the workstation is only safe if both the human session and any non-human access paths are individually controlled. In environments with persistent shared admin use or unmanaged legacy software, these practices often degrade into nominal controls that fail during incident review.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Non-Human Identity Top 10  | NHI-01              | Shared workstations often expose weak credential and session handling for human and non-human identities.
OWASP Agentic AI Top 10          | (none cited)        | Autonomous tools on shared stations can persist beyond a user session and widen access paths.
NIST CSF 2.0                     | PR.AC-1             | Directly supports identity proofing and access control for CUI workstation users.

Treat any workstation-launched agent or script as a separate identity with explicit runtime authorization.