20.8: Control and Monitor Accounts Associated with Penetration Testing
CSF v1.1 References:
PF v1.0 References:
The next version of the control set incorporates all or part of this control into: 5.5: Establish and Maintain an Inventory of Service Accounts.
Control Statement
Any user or system accounts used to perform penetration testing should be controlled and monitored to make sure they are only being used for legitimate purposes, and are removed or restored to normal function after testing is over.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]