search

adammontville / cis-controls-71-measures

0 stars 0 forks source link

Subcontrol 16.10 #150

Open adammontville opened 5 years ago

adammontville commented 5 years ago

Ensure that all accounts have an expiration date that is monitored and enforced.

Measures

None provided

Metrics

None provided
apiperCIS commented 5 years ago

Inputs 1) Account Inventory 2) Authentication System Inventory 3) Approved Configuration(s) for ensuring that account expiration dates are automatically enforced (there may be multiple configurations that vary by type of authentication system, etc.) 4) Optional: Maximum amount of time in the future allowed for an expiration date (example: the organization may require all accounts to have an expiration date no more than 1 year in the future so that all accounts must be re-justified every year). This time frame could be specific to certain account types (Administrator for example), or specific to certain authentication systems.

Operations 1) For each account in the account inventory (Input 1), check to see if that account has a valid expiration date that is in the future. If the optional Input 4 was provided, also verify if that expiration date complies with any applicable additional time frame restrictions. Based on these checks, create a list (M1) of accounts with valid expiration dates, and a list (M2) of accounts with invalid expiration dates (noting why the expiration date is invalid). 2) For each authentication system in Input 2, check to see if it is configured according to the appropriate configuration(s) from Input 3. Based on this check, create a list (M3) of authentication systems that are configured correctly, and a list (M4) of authentication systems that are not configured correctly (noting the deviations).

Measures M1: List of accounts with valid expiration dates M2: List of accounts with invalid expiration dates M3: List of authentication systems that are configured correctly M4: List of authentication systems that are not configured correctly M5: Count of accounts with valid expiration dates (count of M1) M6: Total count of accounts (count of Input 1) M7: Count of authentication systems that are configured correctly (count of M3) M8: Total count of authentication systems (count of Input 2)

Metrics Ratio of accounts with valid expiration dates: M5 / M6 Ratio of correctly configured authentication systems: M7 / M8