Skip to end of banner
Go to start of banner

OMI-015: Active user IDs assigned to only one person

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

ID

OMI-015

Short Name

Active user IDs assigned to only one person

Long Name

Number of active user IDs assigned to only one person

Status

NOT RECOMMENDED

Indicator Version

1.0

Rationale

This indicator is present in the User Identification and Authentication section of CISWG, 2005.

Accountability over user IDs

It is a security good practice to assign user IDs for accountability purposes. Accountability is importantly weakened if the number of accountable persons is 0 or greater than 1.

In this indicator, the word assigned implies that the objective of this indicator is to monitor the assignment of user IDs to people. We do not recommend the usage of this indicator to pursue this objective. For this objective, other indicators should be considered such as ratio of active user IDs assigned to an accountable person.

Account sharing

Shared accounts is a well-known bad security practice that prevents traceability. We do not recommend the usage of this indicator to pursue the objective of complying with this requirement.

For this objective, other indicators should be considered such as active user IDs shared by several persons or ratio of active user IDs shared by several persons.

Quotes

18.1. (B) (SME) Number of active user IDs assigned to only one person

(CISWG, 2005, p. 22)

See Also

Contributors

David Doret 9 (1615 days ago)
  • No labels

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.