16.2: Configure Centralized Point of Authentication
Configure access for all accounts through as few centralized points of authentication as possible, including network, security, and cloud systems.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Users |
Protect |
2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
The list of endpoints
Operations
Enumerate centralized authentication points in inventory
For each identified centralized authentication point to determine necessity (i.e. can a given authentication system be consolidated with another?)
Enumerate the list of unnecessary centralized authentication points
Measures
M1 = List of centralized authentication points in inventory
M2 = List of unnecessary centralized authentication points
M3 = Count of centralized authentication points in the inventory (The count of M1)
M4 = Count of unnecessary centralized authentication points (The count of M2)
M5 = M3 - M4 (the target number of centralized authentication points)
Metrics
Coverage
Metric |
The ratio of desired centralized authentication points to actual authentication
points, where the goal is for M5 / M3 = 1.
|
Calculation |
|