wmunyan
commented
4 years ago Inputs:
- The inventory of user accounts
- The timestamp for the beginning of the most recent penetration testing period
- The timestamp for the ending of the most recent penetration testing period
Operations:
- Prior to the timestamp provided by Input 2, enumerate, from the inventory of user accounts (Input 1), the list of user accounts and any privileges specifically assigned for penetration testing (M1).
- Following the penetration testing time period (after the timestamp provided by Input 3), re-enumerate the accounts and privileges for those accounts determined in Operation 1.
Measures:
- M1 = The number of user accounts authorized for use in penetration testing prior to the penetration testing period
- M2 = The number of user accounts granted "special" privileges for the purposes of penetration testing.
- M3 = The number of user accounts granted "special" privileges for the purposes of penetration testing following the conclusion of the penetration testing period
Metrics:
- If M3 > 0, then privileged user accounts remain following the penetration testing period.
adammontville
Any user or system accounts used to perform penetration testing should be controlled and monitored to make sure they are only being used for legitimate purposes, and are removed or restored to normal function after testing is over.
Measures
Metrics