It's Account Management time as we review the Center for Internet Security Controls, or CIS Controls, an industry standard that helps businesses and organizations of all sizes maintain best-practice cybersecurity controls.

Control 5 is all about Account Management: the use of processes and tools to assign and manage authorization to credentials for user accounts, which includes, you guessed it, administrative and service accounts, for your assets and software.

"You can't protect what you don't know" - Scott Davis

That quote holds true as we explore Safeguard 5.1, which is establishing and maintaining an inventory of accounts. At a minimum, your inventory should contain the person's name, username, start and stop dates, and department. You need to validate that all active accounts are authorized on a recurring schedule, at a minimum once a quarter, though more frequent reviews may be needed depending on your Adds, Moves, and Changes.

Safeguard 5.1 is required for compliance across all three implementation groups and really should be required for every organization.

Before you wonder how you will ever manage that, remember that Active Directory or Azure Active Directory is an inventory of your users, admins, and service accounts. Keeping it clean and updated is something we should be doing regardless, because you don't want old employees accessing data.
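One way to run the recurring Safeguard 5.1 review described above, as an added example that is not from the original post. It assumes the inventory and a list of enabled directory accounts are available as CSV exports; the column names and sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date

# Inventory fields named in the post; the column names themselves are assumptions.
REQUIRED = ("name", "username", "start_date", "stop_date", "department")

# Constructed sample data: the account inventory (authorized accounts).
INVENTORY_CSV = """name,username,start_date,stop_date,department
Alice Example,aexample,2021-03-01,,Finance
Bob Sample,bsample,2019-06-15,2024-01-31,Sales
Backup Service,svc_backup,2020-01-10,,
"""

# Constructed sample data: accounts as exported from the directory.
DIRECTORY_CSV = """username,enabled
aexample,true
bsample,true
svc_backup,true
tempadmin,true
"""

def review_accounts(inventory_csv, directory_csv, today):
    """Return a sorted list of (username, finding) for the recurring review."""
    inventory = {r["username"]: r for r in csv.DictReader(io.StringIO(inventory_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # only active accounts need to be validated as authorized
        user = row["username"]
        record = inventory.get(user)
        if record is None:
            findings.append((user, "active but not in inventory"))
            continue
        # Assumption: stop_date may be blank for a current account; other fields may not.
        missing = [f for f in REQUIRED if f != "stop_date" and not (record[f] or "").strip()]
        if missing:
            findings.append((user, "inventory record missing: " + ", ".join(missing)))
        stop = (record["stop_date"] or "").strip()
        if stop and date.fromisoformat(stop) < today:
            findings.append((user, "active after stop date " + stop))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in review_accounts(INVENTORY_CSV, DIRECTORY_CSV, date(2024, 4, 1)):
        print(f"{user}: {finding}")
```

Each finding is an account to disable, authorize and add to the inventory, or complete the record for before the next quarterly review.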

Where Active Directory falls short is your local user and server accounts. I recommend using Microsoft LAPS, the Windows Local Administrator Password Solution, a Windows feature that automatically manages and backs up the password of a local administrator account to your Entra ID (Azure Active Directory) or Active Directory. It can also manage and back up the Directory Services Restore Mode (DSRM) account to your local domain controller, which an authorized administrator can retrieve.

LAPS is supported on Windows 10 and newer, and Windows Server 2019 and newer. Ohhh and it's FREE! Learn more about LAPS at https://lnkd.in/ebxGchxZ

From an auditing perspective, I also love ❤️ the Liongard service here, as it can audit user accounts on Microsoft Windows Server, workstations, and Active Directory, Apple Mac computers, and Linux systems.
