5.1: Establish and Maintain an Inventory of Accounts

Control Statement

Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory, at a minimum, should contain the person’s name, username, start/stop dates, and department. Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]