Center for Internet Security Controls, or CIS Controls, have become an industry standard to help businesses and organizations of all sizes maintain a best-practice standard of cybersecurity controls.


Safeguard 5.6 wraps up Account Management and while it's only required as part of Implementation Groups 2 and 3, this is something you likely already have in place - in fact I would probably bet that you have it in place today.

Safeguards 5.1 and 5.5 hit the inventory aspect, where you need to know what you have to secure, from users and admins to any service accounts. Safeguard 5.6 simply requires you to "Centralize Account Management". Wait, that's it?

Yes, that's it. So if you have a local Microsoft Windows Domain (AD), Microsoft Azure AD (AAD), or even a Red Hat Linux Domain, then you have centralized account management. Really, the only way you don't have this is if you are still using POP3 and Workgroups - that's so 1990 of you.

As more companies migrate to cloud services, Identity Access Management (IAM) becomes critical. Your account management should be where your base infrastructure is, locally or in the cloud. From there, tie in Single Sign-On (SSO) wherever you can and let your employees enjoy the freedom of only having to remember 1 credential.

So to recap Control 5: if you are running Entra ID or a local domain, with maybe just a little house cleaning you can check off 5.1, 5.3, 5.4, and 5.6. 5.2 and 5.5 may require a little more work depending on your business and your willingness to split your administrative access from your standard account.

Contact Info

717.884.9030

Scott@ScottRDavis.com