Accountability usually spans network operations, infrastructure, and security governance because the failure touches availability, access policy, and recovery readiness. The practical test is whether the organisation can show who approved the change, who owns the rollback process, and which controls prevent repeat disruption.
Why This Matters for Security Teams
A Meraki configuration change can disrupt access even when the intent was routine, because network availability, policy enforcement, and recovery controls are tightly coupled. Accountability therefore cannot sit with a single function by default. Security governance must prove who approved the change, who owned the blast radius, and who had authority to restore service without bypassing controls.
This is especially important in environments where access depends on fragile configuration state rather than resilient identity and policy boundaries. The Ultimate Guide to NHIs shows how widely organisations still struggle with visibility and lifecycle control for non-human access, and the same governance gaps often appear in network administration. For a broader threat view, the OWASP Non-Human Identity Top 10 highlights how weak ownership and poor credential hygiene turn ordinary operational changes into security incidents.
In practice, many security teams discover accountability gaps only after access is already broken and the rollback path is being negotiated under pressure.
How It Works in Practice
Accountability for a disruptive Meraki change should be treated as a chain of custody across the change lifecycle, not as a post-incident blame exercise. The approver decides whether the change is risk-accepted, the operator executes it, the platform owner confirms the intended state, and the security team verifies that rollback and monitoring are in place. In mature environments, each step is recorded in the change ticket and tied to a named owner, not a team queue.
Practically, the strongest pattern is to separate who can request a change from who can apply it, then require evidence that the change was tested, reversible, and bounded. That means using change windows, pre-approved templates, backups of known-good configuration, and access paths that remain available during failure. Current guidance from NHI governance also suggests treating admin access like any other privileged workload access: short-lived, tightly scoped, and reviewable. The Ultimate Guide to NHIs — Key Challenges and Risks is useful here because configuration breakage often overlaps with poor control of privileged non-human access.
- Define a single accountable owner for the change, the rollback, and the final validation step.
- Require before-and-after config baselines so the recovery path is not improvised.
- Use least privilege for Meraki administration and review any standing access regularly.
- Preserve out-of-band access for recovery so the response team is not locked out by the same failure.
The NIST Cybersecurity Framework 2.0 is helpful for mapping this to governance, protection, and recovery outcomes, while NIST SP 800-207 Zero Trust Architecture supports the principle that access should be continuously constrained even during operational change. These controls tend to break down when multiple teams share Meraki administration without a named rollback owner, because no one can prove authority to restore service quickly.
Common Variations and Edge Cases
Tighter change control often increases operational overhead, requiring organisations to balance speed against reversibility. That tradeoff becomes sharper in branch networks, incident response, and after-hours maintenance, where the person closest to the issue may not be the person authorised to reverse it.
There is no universal standard for this yet, but current guidance suggests that accountability should shift based on which layer failed. If the configuration itself was wrong, network operations owns execution quality. If privileged access or approval paths were weak, infrastructure or identity governance shares responsibility. If monitoring failed to detect the outage or restore access safely, security operations and resilience owners are in scope. In other words, the answer depends on whether the disruption was caused by design, execution, or recovery failure, not simply by who clicked save.
Edge cases also arise when a change is made by automation, an MSP, or a delegated admin. In those scenarios, the accountable party is still the organisation that granted the authority, even if the operator was external. The control question is whether the organisation can show documented approval, delegated scope, and timely revocation or rollback. For broader context on recurring identity and access failures, 52 NHI Breaches Analysis illustrates how weak ownership and poor containment keep operational mistakes from staying small.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | GV.OC, PR.AC, RC.RP | Change accountability spans governance, access control, and recovery planning. |
| NIST Zero Trust (SP 800-207) | PA-4, PEP | Meraki admin access should remain constrained and continuously evaluated. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Privileged non-human access and weak ownership often drive disruptive config changes. |
Assign named owners for approval, access, and rollback, then test recovery paths after each Meraki change.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
