Let's explore the Center for Internet Security Controls, or CIS Controls, which have become an industry standard that helps businesses and organizations of all sizes maintain a best-practice baseline of cybersecurity controls.

Control 5 is all about Account Management: the processes and tools used to assign and manage authorization to credentials for user accounts, including (you guessed it) administrative and service accounts for your assets and software.

"You can't protect what you don't know" - Scott Davis

Safeguard 5.2, Use Unique Passwords, requires exactly that. It's not rocket science, but many service providers out there are still using default passwords or predictable password patterns across their clients.

Using the same password everywhere was standard policy and practice just a few years ago, but with password managers and documentation tools now the norm there is no excuse for not using, at a minimum, a unique password per account.

Safeguard 5.2 also sets a minimum length: an 8-character password for accounts protected by MFA, or a 14-character password for accounts where MFA is not in use.

If it's an administrative-level account, then why you are not using MFA is a different question altogether.

Your domain administrative and service accounts, and even your Microsoft Entra ID accounts, are the easy ones to roll out here. Update the passwords and store them in a secure password manager so you can retrieve them when you need them.

A good practice is to reset those passwords at least once a year if you are meeting the minimums above, and immediately whenever someone who knew them leaves or a compromise is suspected.
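One way to check the domain-side accounts against the points above, as an added example (not code from the original post or from CIS): list the members of the privileged groups with their password age, flag anything older than a year, and apply a fine-grained password policy that enforces the 14-character floor on accounts that cannot use MFA. It assumes the ActiveDirectory RSAT module, rights to read the domain and create policies, and that the group names ('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators', and the assumed 'SVC-NoMFA' group for service accounts) match your environment.

```powershell
# Added example: audit privileged AD accounts against Safeguard 5.2 and the
# once-a-year reset practice. Assumes the ActiveDirectory RSAT module and an
# account that can read the domain; adjust the group list to your Tier-0 groups.
Import-Module ActiveDirectory

$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$maxAgeDays       = 365   # reset at least once a year
$minLenNoMfa      = 14    # Safeguard 5.2 floor when MFA is not in use (8 with MFA)

# Collect the unique user members (recursively) of the privileged groups.
$accounts = foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user'
}
$accounts = $accounts | Sort-Object -Property distinguishedName -Unique

$report = foreach ($a in $accounts) {
    $u = Get-ADUser -Identity $a.distinguishedName `
            -Properties PasswordLastSet, PasswordNeverExpires, Enabled, ServicePrincipalName
    $age = if ($u.PasswordLastSet) {
        (New-TimeSpan -Start $u.PasswordLastSet -End (Get-Date)).Days
    } else { $null }

    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        Enabled              = $u.Enabled
        PasswordLastSet      = $u.PasswordLastSet
        PasswordAgeDays      = $age
        PasswordNeverExpires = $u.PasswordNeverExpires
        # An SPN usually means a service account, which cannot do interactive MFA.
        IsServiceAccount     = [bool]$u.ServicePrincipalName
        Finding              = if ($null -eq $age) { 'Password never set / not readable' }
                               elseif ($age -gt $maxAgeDays) { "Older than $maxAgeDays days" }
                               else { 'OK' }
    }
}
$report | Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize

# AD cannot see whether an account has MFA, so the 14-character floor is
# enforced on a group you maintain for non-MFA accounts ('SVC-NoMFA' is assumed).
$fgppName = 'CIS-5.2-NoMFA-14char'
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$fgppName'")) {
    New-ADFineGrainedPasswordPolicy -Name $fgppName -Precedence 10 `
        -MinPasswordLength $minLenNoMfa -ComplexityEnabled $true `
        -PasswordHistoryCount 24 -MaxPasswordAge (New-TimeSpan -Days $maxAgeDays)
}
Add-ADFineGrainedPasswordPolicySubject -Identity $fgppName -Subjects 'SVC-NoMFA'
```

The report is the evidence you want on hand for an assessor: who holds privileged access, when each password was last changed, and which of those accounts are service accounts that need the longer password because MFA is off the table for them.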

Local accounts are a little harder. I've promoted Microsoft LAPS, the Windows Local Administrator Password Solution, before: it automatically randomizes and rotates the local administrator credential on every workstation and stores it in Active Directory (or Entra ID) where only authorized staff can read it. Windows LAPS ships with Windows 10 and newer and Windows Server 2019 and newer (since the April 2023 updates). Ohhh, and it's FREE! Learn more about LAPS at https://lnkd.in/ebxGchxZ
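The LAPS rollout described above, as an added example (not from the original post or Microsoft's documentation): the one-time schema and permission steps on the directory side, the client policy settings, and how an authorized helper reads a password back. It assumes the built-in Windows LAPS PowerShell module, Schema/Domain Admin rights for the schema step, and that the OU path 'OU=Workstations,DC=corp,DC=example', the group 'CORP\Helpdesk' and the computer 'WS-001' are placeholders you replace with your own.

```powershell
# Added example: deploy Windows LAPS for one OU and read a password back.
# Assumes the built-in LAPS module on a domain-joined admin box; the OU,
# group and computer names are placeholders.
Import-Module LAPS

# One-time: extend the AD schema with the Windows LAPS attributes (Schema Admin).
Update-LapsADSchema

# Let computers in the OU write their own (encrypted) password to their AD object.
$ou = 'OU=Workstations,DC=corp,DC=example'        # assumed OU
Set-LapsADComputerSelfPermission -Identity $ou

# Grant the helpdesk group read and reset rights to those passwords.
Set-LapsADReadPasswordPermission  -Identity $ou -AllowedPrincipals 'CORP\Helpdesk'   # assumed group
Set-LapsADResetPasswordPermission -Identity $ou -AllowedPrincipals 'CORP\Helpdesk'

# Review who else already has extended rights on the OU (over-broad delegations
# are a common way the stored passwords leak).
Find-LapsADExtendedRights -Identity $ou

# Client policy. Normally delivered by GPO or Intune; the equivalent registry
# values are written here so the settings are explicit. Run on the client.
$pol = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS'
New-Item -Path $pol -Force | Out-Null
Set-ItemProperty -Path $pol -Name BackupDirectory -Value 2 -Type DWord     # 2 = Active Directory, 1 = Entra ID
Set-ItemProperty -Path $pol -Name PasswordLength -Value 20 -Type DWord     # well above the 14-character floor
Set-ItemProperty -Path $pol -Name PasswordAgeDays -Value 30 -Type DWord    # rotate monthly, not yearly
Set-ItemProperty -Path $pol -Name PasswordComplexity -Value 4 -Type DWord  # upper, lower, digits, specials
Set-ItemProperty -Path $pol -Name PostAuthenticationResetDelay -Value 24 -Type DWord  # hours after the password is used
Set-ItemProperty -Path $pol -Name PostAuthenticationActions -Value 3 -Type DWord      # 3 = reset password and log off

# On the client: apply the policy now instead of waiting for the next cycle.
Invoke-LapsPolicyProcessing

# From the admin box: retrieve the current local admin password for one machine.
Get-LapsADPassword -Identity 'WS-001' -AsPlainText
```

The post-authentication settings are the part people skip: once a technician has used the password, LAPS rotates it again a set number of hours later, so a credential that was read for one ticket does not stay valid for months.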

Contact Info

717.884.9030

Scott@ScottRDavis.com