Account Monitoring and Control
CIS Control 16
Actively manage the lifecycle of system and application accounts – their creation, use, dormancy and deletion – in order to minimize opportunities for attackers to leverage them.
Why is this Critical?
Now more than ever, organizations struggle to keep up with employee turnover and forget to deactivate the user accounts of former employees and contractors – a dangerous oversight that attackers can exploit for their own benefit. This CIS Control prescribes account monitoring and control as an effective strategy to reduce the opportunities hackers have to leverage inactive system or application accounts. When accounts are monitored constantly, irrelevant or inactive ones can be removed, and malicious intruders or former employees have less chance of accessing critical corporate data.