4.7: Manage Default Accounts on Enterprise Assets and Software

CSF v1.1 References:

PR.AC-1

PF v1.0 References:

PR.AC-P1

Threats Addressed:

Elevation of Privilege

Group:

Previous Version:

Critical Security Controls Version 7.1:
4.2: Change Default Passwords

Control Statement

Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4