20.8: Control and Monitor Accounts Associated with Penetration Testing

CSF v1.1 References:

PF v1.0 References:

Group:

The next version of the control set incorporates all or part of this control into: 5.5: Establish and Maintain an Inventory of Service Accounts.

Control Statement

Any user or system accounts used to perform penetration testing should be controlled and monitored to make sure they are only being used for legitimate purposes, and are removed or restored to normal function after testing is over.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]