:star: G16 Account Monitoring and Control (CIS Critical Security Controls, Control 16)
:checkered_flag: 16-1 Review all system accounts and disable any account that cannot be associated with a business process and owner.
:checkered_flag: 16-3 Establish and follow a process for revoking system access by disabling accounts immediately upon termination of an employee or contractor. Disabling instead of deleting accounts preserves audit trails: the account's UID or SID in old log entries still resolves to a name, and files it owned keep an identifiable owner.
:checkered_flag: 16-5 Configure screen locks on systems to limit access to unattended workstations.
:checkered_flag: 16-6 Monitor account usage to identify dormant accounts, notifying the user or the user's manager. Disable such accounts if they are not needed, or document and monitor exceptions (e.g., vendor maintenance accounts needed for system recovery or continuity operations). Require that managers match active employees and contractors against each account belonging to their managed staff; security or system administrators then disable accounts that are not assigned to valid workforce members.
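The review that 16-1, 16-3 and 16-6 describe, as an added example (not code from the page or from CIS): it reconciles a passwd-style account list against an ownership roster and last-login data and sorts each account into disable, notify, exception or ok. All three inputs are constructed sample data; on a Linux host the account list comes from /etc/passwd and the last-login dates from lastlog(8). The roster format, the 90-day dormancy threshold and the treatment of nologin shells are assumptions for the example.

```python
"""Account review for 16-1, 16-3 and 16-6 (added example, not from the page).
Reconciles a passwd-style account list against an ownership roster and
last-login data. All three inputs are constructed sample data."""
from datetime import date, timedelta

# Constructed /etc/passwd-style records, reduced to name:uid:shell
PASSWD = """\
root:0:/bin/bash
alice:1001:/bin/bash
bob:1002:/bin/bash
carol:1003:/bin/bash
dave:1004:/bin/bash
svc-backup:1100:/usr/sbin/nologin
vendor-maint:1101:/bin/bash
"""

# Constructed last interactive login per account (None = never logged in)
LAST_LOGIN = {
    "root": date(2024, 5, 30),
    "alice": date(2024, 6, 1),
    "bob": date(2023, 11, 2),
    "carol": None,
    "dave": date(2024, 1, 10),
    "vendor-maint": date(2024, 1, 15),
}

# Constructed ownership register: account -> (business owner, status).
# Accounts missing from it have no documented owner (16-1).
ROSTER = {
    "alice": ("alice", "active"),
    "bob": ("bob", "terminated"),               # left the company (16-3)
    "dave": ("dave", "active"),
    "svc-backup": ("ops-team", "active"),       # service account with a named owner
    "vendor-maint": ("vendor-x", "exception"),  # documented, monitored exception (16-6)
}

REVIEW_DATE = date(2024, 6, 10)
DORMANT_AFTER = timedelta(days=90)   # assumed policy threshold
NON_INTERACTIVE_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")


def parse_passwd(text):
    accounts = []
    for line in text.splitlines():
        if line.strip():
            name, uid, shell = line.split(":")
            accounts.append({"name": name, "uid": int(uid), "shell": shell})
    return accounts


def review_accounts(passwd_text, last_login, roster, today, dormant_after=DORMANT_AFTER):
    """Sort every account into the action the sub-controls call for."""
    actions = {"disable": [], "notify": [], "exception": [], "ok": []}
    for acct in parse_passwd(passwd_text):
        name = acct["name"]
        if acct["uid"] == 0:
            actions["ok"].append(name)            # built-in account, reviewed outside this routine
            continue
        owner, status = roster.get(name, (None, "unknown"))
        if owner is None or status == "terminated":
            actions["disable"].append(name)       # no owner (16-1) or owner has left (16-3)
        elif status == "exception":
            actions["exception"].append(name)     # kept, but stays on the monitoring list (16-6)
        elif acct["shell"] in NON_INTERACTIVE_SHELLS:
            actions["ok"].append(name)            # service account: lastlog says nothing about its use
        else:
            last = last_login.get(name)
            if last is None or today - last > dormant_after:
                actions["notify"].append(name)    # dormant: notify user/manager before disabling (16-6)
            else:
                actions["ok"].append(name)
    return actions


if __name__ == "__main__":
    for action, names in review_accounts(PASSWD, LAST_LOGIN, ROSTER, REVIEW_DATE).items():
        print(f"{action:10s} {', '.join(names) or '-'}")
```

Service accounts with a nologin shell are deliberately not judged by lastlog, since they never log in interactively; their usage has to be measured from the service's own logs, which is why the roster owner matters more for them than the last-login date.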
:checkered_flag: 16-7 Use and configure account lockouts such that after a set number of failed login attempts the account is locked for a standard period of time.
:checkered_flag: 16-8 Monitor attempts to access deactivated accounts through audit logging.
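Both 16-7 and 16-8 come down to reading authentication logs, so here is one added example (not code from the page or from CIS) that does both over constructed sshd-style syslog lines: it applies an assumed lockout policy (3 failures within 5 minutes locks the account for 15 minutes) and flags any event naming an account in an assumed DISABLED set. The interesting findings are the negative ones: an "Accepted" line inside a window the policy says should be locked, or on a deactivated account, means the control is configured on paper but not enforced on that host. The regex, thresholds and sample lines are assumptions for the example.

```python
"""Lockout (16-7) and deactivated-account (16-8) review over constructed sshd
log lines. Added example, not from the page; thresholds are assumed policy."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in sshd's syslog format
AUTH_LOG = """\
Jun 10 08:00:01 bastion sshd[4101]: Failed password for alice from 10.0.0.5 port 50012 ssh2
Jun 10 08:00:05 bastion sshd[4101]: Failed password for alice from 10.0.0.5 port 50012 ssh2
Jun 10 08:00:09 bastion sshd[4101]: Failed password for alice from 10.0.0.5 port 50012 ssh2
Jun 10 08:00:12 bastion sshd[4102]: Failed password for alice from 10.0.0.5 port 50013 ssh2
Jun 10 08:00:20 bastion sshd[4103]: Accepted password for alice from 10.0.0.5 port 50014 ssh2
Jun 10 08:01:00 bastion sshd[4104]: Failed password for bob from 10.0.0.9 port 50100 ssh2
Jun 10 08:30:00 bastion sshd[4105]: Failed password for carol from 10.0.0.7 port 50200 ssh2
Jun 10 09:00:00 bastion sshd[4106]: Accepted password for carol from 10.0.0.7 port 50201 ssh2
"""

DISABLED = {"bob"}                # accounts disabled under 16-3 / 16-6 (assumed)
MAX_FAILURES = 3                  # failures within WINDOW that trigger a lockout (assumed policy)
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=15)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_line(line, year=2024):
    """Parse one sshd line; syslog timestamps carry no year, so one is supplied."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "src": m["src"]}


def analyze(log_text, disabled=DISABLED):
    """Return (timestamp, user, finding) tuples in log order."""
    findings = []
    recent = defaultdict(deque)   # user -> timestamps of failures inside WINDOW
    locked_until = {}             # user -> time the policy lockout expires
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts, user = ev["ts"], ev["user"]
        if user in disabled:      # 16-8: any activity on a deactivated account is reportable
            kind = "SUCCESSFUL login on deactivated account" if ev["ok"] else "attempt on deactivated account"
            findings.append((ts, user, kind))
            continue
        if user in locked_until and ts < locked_until[user]:
            kind = "SUCCESS while account should be locked" if ev["ok"] else "attempt during lockout"
            findings.append((ts, user, kind))
            continue
        if ev["ok"]:
            recent[user].clear()  # a successful login resets the failure counter
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()           # drop failures that fell out of the sliding window
        if len(q) >= MAX_FAILURES:
            locked_until[user] = ts + LOCKOUT
            q.clear()
            findings.append((ts, user, "locked out"))
    return findings


if __name__ == "__main__":
    for ts, user, kind in analyze(AUTH_LOG):
        print(f"{ts:%b %d %H:%M:%S}  {user:12s} {kind}")
```

In the sample, alice's fourth failure and the later "Accepted" both fall inside the 15-minute window opened at 08:00:09, so the review reports that the lockout was not enforced; bob's single failure is reported solely because bob is deactivated, with no threshold involved.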
:checkered_flag: 16-13 Ensure that all accounts are required to use long passwords on the system (longer than 14 characters).
:checkered_flag: 16-14 Verify that all authentication files are encrypted or hashed and that these files cannot be accessed without root or administrator privileges. Audit all access to password files on the system.
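A check for the two verifiable halves of 16-14 on a Linux-style shadow file, as an added example (not code from the page or from CIS): the file must be root-owned with no permission bits for "other" (on most distributions /etc/shadow is root:shadow mode 0640, so group read is tolerated but group write is not), and every password field must be a crypt(3) hash or a locked marker rather than empty or plaintext. The sample contents are constructed and written to a temporary file; because an unprivileged process cannot create a root-owned file, the demo passes its own uid as the expected owner, whereas a real run uses 0. The list of accepted hash prefixes is an assumption for the example. Auditing access to the file (the third requirement) is done by the kernel audit subsystem, e.g. an auditd watch rule on /etc/shadow, not by this script.

```python
"""16-14 check for a shadow-style file: ownership, mode and hashed password
fields. Added example, not from the page; sample data is constructed."""
import os
import stat
import tempfile

# crypt(3) scheme identifiers accepted as a stored hash (assumed policy)
HASHED_PREFIXES = ("$y$", "$gy$", "$7$", "$6$", "$5$", "$2b$", "$2y$")
WEAK_PREFIXES = ("$1$",)          # md5crypt: hashed, but not acceptable today

# Constructed samples; salts and hashes are placeholders, only the prefix matters
SAMPLE_GOOD = """\
root:$y$j9T$SALT$HASH:19800:0:99999:7:::
alice:$6$SALT$HASH:19800:0:99999:7:::
svc-backup:!:19800:0:99999:7:::
"""
SAMPLE_BAD = """\
root:$y$j9T$SALT$HASH:19800:0:99999:7:::
bob:hunter2:19800:0:99999:7:::
carol::19800:0:99999:7:::
dave:$1$SALT$HASH:19800:0:99999:7:::
"""


def check_hash_field(field):
    """Classify one shadow password field."""
    if field == "":
        return "empty (passwordless login)"
    if field.startswith(("!", "*")):
        return "locked"              # usermod -L / passwd -l, or a no-login system account
    if field.startswith(HASHED_PREFIXES):
        return "hashed"
    if field.startswith(WEAK_PREFIXES):
        return "weak hash (md5crypt)"
    return "plaintext or unknown scheme"


def audit_shadow(path, expected_uid=0):
    """Return findings for the file; an empty list means it meets the 16-14 checks."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid} is not the expected uid {expected_uid}")
    if st.st_mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH):
        findings.append(f"mode {oct(st.st_mode & 0o777)} grants access to 'other'")
    if st.st_mode & stat.S_IWGRP:
        findings.append(f"mode {oct(st.st_mode & 0o777)} is group-writable")
    with open(path) as fh:
        for n, line in enumerate(fh, 1):
            fields = line.rstrip("\n").split(":")
            if len(fields) < 2:
                findings.append(f"line {n}: malformed entry")
                continue
            kind = check_hash_field(fields[1])
            if kind not in ("hashed", "locked"):
                findings.append(f"line {n}: {fields[0]} password field is {kind}")
    return findings


def audit_sample(text, mode, expected_uid=None):
    """Write constructed contents to a temp file with the given mode and audit it."""
    if expected_uid is None:
        expected_uid = os.getuid()   # demo only: a real check passes 0 (root)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "shadow")
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit_shadow(path, expected_uid)


if __name__ == "__main__":
    print("good:", audit_sample(SAMPLE_GOOD, 0o600) or "no findings")
    for f in audit_sample(SAMPLE_BAD, 0o644):
        print("bad: ", f)
```

The mode test is deliberately not "must equal 0600": a shadow file readable by the shadow group is the normal Linux layout, and rejecting it would produce noise on every host, while any "other" bit or group write bit is a real finding.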