5.5: Establish and Maintain an Inventory of Service Accounts
CSF v1.1 References:
PF v1.0 References:
Control is new to this version of the control set and incorporates the following controls from the previous version: 3.3: Protect Dedicated Assessment Accounts, 20.8: Control and Monitor Accounts Associated with Penetration Testing.
Control Statement
Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]