3.3: Protect Dedicated Assessment Accounts
Threats Addressed:
The next version of the control set incorporates all or part of this control into: 5.5: Establish and Maintain an Inventory of Service Accounts.
Control Statement
Use a dedicated account for authenticated vulnerability scans, which should not be used for any other administrative activities and should be tied to specific machines at specific IP addresses.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]