CIS Controls v8 Overview - Control 05

James Temples
2 min read · Nov 23, 2021


Our review of the CIS Controls v8 continues with today’s post about Control 05.

Control 05: Account Management - Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.

Why is this control important?

Attackers prefer to gain unauthorized access to enterprise assets or data by using valid user credentials rather than by “hacking”. There are many ways to obtain such access, including weak passwords, accounts of departed users that are still active, dormant accounts, and test accounts. Administrator and high-value accounts (CEOs, COOs) are favored targets because, once compromised, they can be used to add other accounts or to modify assets so that they become more vulnerable. Account logging and monitoring are also a critical component of security operations. Although they are covered under CIS Control 08: Audit Log Management, they remain important to the development of a comprehensive Identity and Access Management (IAM) program.

And its safeguards?

The control has six (6) Safeguards that cover the key actions needed to establish and maintain secure account configurations: Account Inventory, Unique Passwords, Dormant Accounts, Administrator Accounts, Service Accounts, and Centralized Account Management.

How is this Control implemented?

Account credentials are assets that must be inventoried and tracked, with regular audits to ensure every account maps to an authorized user; administrator accounts and service accounts deserve special attention. Automated tools, such as SecurEnds CEM, greatly improve audit effectiveness.

Administrators should have separate accounts: one for daily functions and another used only for administrative tasks. Multi-factor Authentication (MFA) should also be required for remote access. Passwords should be changed every 30–60 days, with limited password reuse. All workstations should automatically lock the screen after 15 minutes of inactivity.
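As an added example (not code from the original post or from CIS), the following script runs the audit described above over a constructed account inventory and flags three conditions: enabled accounts with no current authorized owner, dormant accounts, and administrator accounts whose owner has no separate daily account. The 45-day dormancy threshold is the one CIS Safeguard 5.3 uses; the field names, sample accounts and authorized-person list are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# CIS Safeguard 5.3 treats 45 days without a logon as dormant.
DORMANT_DAYS = 45
TODAY = date(2021, 11, 23)  # fixed date so the example is reproducible


@dataclass(frozen=True)
class Account:
    name: str
    owner: str                 # authorized person (or named job) the account maps to
    kind: str                  # "user", "admin" or "service"
    enabled: bool
    last_logon: Optional[date]  # None means the account has never logged on


# Constructed HR-style list of currently authorized people (assumption).
AUTHORIZED_PEOPLE = {"alice", "bob", "carol"}

# Constructed sample inventory; not real accounts.
INVENTORY = [
    Account("alice", "alice", "user", True, TODAY - timedelta(days=3)),
    Account("alice-adm", "alice", "admin", True, TODAY - timedelta(days=1)),
    Account("bob", "bob", "user", True, TODAY - timedelta(days=90)),    # dormant
    Account("dave", "dave", "user", True, TODAY - timedelta(days=10)),  # departed user
    Account("carol", "carol", "admin", True, TODAY),                    # admin used for daily work
    Account("svc-backup", "backup-job", "service", True, None),        # service account, never logged on
    Account("test01", "", "user", True, None),                          # test account with no owner
]


def audit(inventory, authorized, today=TODAY, dormant_days=DORMANT_DAYS):
    """Return finding name -> sorted account names, mirroring Safeguards 5.1, 5.3 and 5.4."""
    findings = {"no_authorized_owner": [], "dormant": [], "admin_without_daily_account": []}
    daily_owners = {a.owner for a in inventory if a.kind == "user" and a.enabled}
    for a in inventory:
        if not a.enabled:
            continue
        # 5.1: every enabled user or admin account must map to a current authorized person.
        if a.kind != "service" and a.owner not in authorized:
            findings["no_authorized_owner"].append(a.name)
        # 5.3: no logon within the threshold (or ever) means the account should be disabled.
        if a.last_logon is None or (today - a.last_logon).days > dormant_days:
            findings["dormant"].append(a.name)
        # 5.4: an admin account whose owner has no daily account is being used for routine work.
        if a.kind == "admin" and a.owner not in daily_owners:
            findings["admin_without_daily_account"].append(a.name)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for finding, names in audit(INVENTORY, AUTHORIZED_PEOPLE).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Each finding maps back to one safeguard, so the output can be reviewed directly against the account inventory during the periodic audit.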

Key Reminder(s)

Like inventories for enterprise assets and software, account credentials should be continually managed to minimize an attacker’s ability to threaten an organization.

In the next post, we’ll look at Control 06: Access Control. If you enjoyed this post, please Like and Share! Search for the IAM Series for more information.

Contact Temples Consulting to schedule a no cost consultation for Account Management using SecurEnds solutions.

#cybersecurity #security #infosec #informationsecurity #riskmanagement #ciscontrols #cissecuresuite #safeguards #ciscontrolsv8 #templesconsultinggroup #security #clarity #delivery #riskassessment #riskremediation #risk2remediation #software #cyber #governance #GRC #implementations #dataprotection #datasecurity #securends #IAM #IdentityAccessManagement


James Temples

Cybersecurity, Implementation, Continuity and Compliance Professional & Entrepreneur, CISSP