Critical Control 16 - Account Monitoring and Control
Actively manage the life-cycle of system and application accounts – their creation, use, dormancy, deletion – in order to minimize opportunities for attackers to leverage them.
PR.AC-1 Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
PR.AC-2 Physical access to assets is managed and protected
PR.AC-3 Remote access is managed
PR.AC-4 Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
PR.AC-5 Network integrity is protected (e.g., network segregation, network segmentation)
PR.AC-6 Identities are proofed and bound to credentials and asserted in interactions
PR.AC-7 Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
DE.CM-1 The network is monitored to detect potential cybersecurity events
DE.CM-2 The physical environment is monitored to detect potential cybersecurity events
DE.CM-3 Personnel activity is monitored to detect potential cybersecurity events
DE.CM-4 Malicious code is detected
DE.CM-5 Unauthorized mobile code is detected
DE.CM-6 External service provider activity is monitored to detect potential cybersecurity events
DE.CM-7 Monitoring for unauthorized personnel, connections, devices, and software is performed