5.5: Establish and Maintain an Inventory of Service Accounts

CSF v1.1 References:

PF v1.0 References:

Group:

Info icon.

Control is new to this version of the control set and incorporates the following items from the previous version: 3.3: Protect Dedicated Assessment Accounts, 20.8: Control and Monitor Accounts Associated with Penetration Testing.

Control Statement

Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]