Rationale
Provides actionable information to implement OM-BP-0001: Account Ownership.
Accountability over inactive users
The indicator expressly counts active user IDs. Whether accountability must also be enforced over inactive user IDs, all of them or only a subset, is left to the discretion of the organization.
For instance, some highly privileged accounts are deliberately deactivated to reduce the attack surface of systems and are only reactivated as part of break-the-glass procedures. Such inactive accounts still require a clearly identified owner.
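The following script is an added example (not part of the original page) showing how the indicator can be computed from an identity-store export, with the inactive-privileged scope above treated as an organizational choice. The CSV format (user_id, active, privileged, owners separated by ';') and the accounts in it are constructed for illustration; a real export would need its own column mapping. Accounts with zero owners or more than one owner are reported as accountability findings, the latter being the shared accounts discussed below.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample export of an identity store (not real data).
# owners lists the natural persons accountable for the account, ';'-separated.
SAMPLE_EXPORT = """user_id,active,privileged,owners
alice,true,false,Alice Smith
bob,true,false,Bob Jones
svc-backup,true,false,Alice Smith;Bob Jones
ops-oncall,true,false,
breakglass-admin,false,true,Carol Lee
legacy-root,false,true,
old-intern,false,false,
"""


@dataclass(frozen=True)
class Account:
    user_id: str
    active: bool
    privileged: bool
    owners: tuple  # accountable persons; empty tuple means nobody is accountable


def parse_export(text):
    """Parse the constructed CSV export into Account records."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        owners = tuple(o.strip() for o in row["owners"].split(";") if o.strip())
        accounts.append(Account(
            user_id=row["user_id"].strip(),
            active=row["active"].strip().lower() == "true",
            privileged=row["privileged"].strip().lower() == "true",
            owners=owners,
        ))
    return accounts


def indicator_18_1(accounts):
    """Indicator 18.1: active user IDs assigned to exactly one person.

    Returns (single_owner_active, total_active) so the ratio can be reported
    alongside the raw count."""
    active = [a for a in accounts if a.active]
    single = [a for a in active if len(a.owners) == 1]
    return len(single), len(active)


def accountability_findings(accounts, include_inactive_privileged=True):
    """Accounts lacking single-person accountability.

    Active accounts are always in scope. Inactive privileged accounts (e.g.
    deactivated break-glass admins) are in scope only if the organization
    decides so, which is the discretionary choice described in the rationale.
    """
    findings = {}
    for a in accounts:
        in_scope = a.active or (include_inactive_privileged and a.privileged)
        if not in_scope:
            continue
        if len(a.owners) == 0:
            findings[a.user_id] = "no accountable owner"
        elif len(a.owners) > 1:
            findings[a.user_id] = "shared account (%d owners)" % len(a.owners)
    return findings


if __name__ == "__main__":
    accts = parse_export(SAMPLE_EXPORT)
    single, total = indicator_18_1(accts)
    print("18.1: %d of %d active user IDs assigned to one person" % (single, total))
    for uid, reason in sorted(accountability_findings(accts).items()):
        print("finding: %s: %s" % (uid, reason))
```

Running it on the sample export reports 2 of 4 active IDs as single-owner and flags svc-backup (shared), ops-oncall (unowned) and, because inactive privileged accounts are included by default, legacy-root (unowned); the owned break-glass account breakglass-admin is not a finding.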
Account sharing
Shared accounts are a well-known bad security practice: actions performed through a shared account cannot be traced back to a single person.
...
Related Indicators
...
Limitations
Does not cover the issue of account sharing.
- Provide related best practice reference and control.
Quotes
18.1. (B) (SME) Number of active user IDs assigned to only one person
...