20.8: Control and Monitor Accounts Associated With Penetration Testing
Any user or system accounts used to perform penetration testing should be controlled and monitored to make sure they are only being used for legitimate purposes, and are removed or restored to normal function after testing is over.
Asset Type | Security Function | Implementation Groups
---|---|---
N/A | N/A | 2, 3
Dependencies
Sub-control 16.6: Maintain an Inventory of Accounts
Sub-control 20.1: Establish a Penetration Testing Program
Inputs
The historical inventory of user and system accounts (prior to input 3)
The current inventory of user and system accounts (after input 4)
The timestamp for the beginning of the most recent penetration testing period
The timestamp for the ending of the most recent penetration testing period
Operations
Enumerate historical user and system accounts (Input 1) and note any privileges specifically assigned for penetration testing (M1)
Enumerate the current user and system accounts and privileges for those accounts determined in Operation 1
Measures
M1 = The list of historical user and system accounts authorized for use in penetration testing
M2 = Count of historical user and system accounts authorized for use in penetration testing (count of M1)
M3 = The list of current user and system accounts that were authorized for use in penetration testing
M4 = Count of current user and system accounts that were authorized for use in penetration testing (count of M3)
M5 = The list of current user and system accounts with penetration testing privileges still assigned
M6 = Count of current user and system accounts with penetration testing privileges still assigned (count of M5)
Metrics
Privileged Accounts Remain
Metric | If M5 > 0, then privileged user accounts remain following the penetration testing period.
---|---
Calculation |
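The operations, measures and metric above worked through in code, as an added example that is not part of the CIS text. It assumes that authorization for penetration testing is recorded as privilege labels such as `pentest:scan` on each account, and it uses constructed inventory snapshots rather than real data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

PENTEST_PRIVILEGES = frozenset({"pentest:scan", "pentest:exploit", "pentest:local-admin"})  # assumed labels

@dataclass(frozen=True)
class Account:
    name: str
    kind: str              # "user" or "system"
    privileges: frozenset  # privilege labels assigned to the account

@dataclass(frozen=True)
class Inventory:
    taken_at: datetime     # when the snapshot was captured
    accounts: tuple        # Account objects

def pentest_privs(account):
    """Privileges on the account that were assigned specifically for penetration testing."""
    return account.privileges & PENTEST_PRIVILEGES

def compute_measures(historical, current, period_start, period_end):
    """Return M1..M6 for sub-control 20.8 from the two inventories and the test period."""
    # Inputs 1 and 2 must bracket the testing period (inputs 3 and 4), or the comparison is meaningless.
    if not (historical.taken_at < period_start <= period_end < current.taken_at):
        raise ValueError("inventories must be taken before and after the testing period")
    m1 = [a for a in historical.accounts if pentest_privs(a)]   # Operation 1
    m1_names = {a.name for a in m1}
    m3 = [a for a in current.accounts if a.name in m1_names]    # Operation 2: same accounts now
    m5 = [a for a in m3 if pentest_privs(a)]                    # privileges not yet removed
    return {"M1": m1, "M2": len(m1), "M3": m3, "M4": len(m3), "M5": m5, "M6": len(m5)}

def privileged_accounts_remain(measures):
    """Metric 'Privileged Accounts Remain': true when M5 is non-empty (M6 > 0)."""
    return measures["M6"] > 0

# Constructed sample: one pentest account deleted, one restored to normal, one left privileged.
PERIOD_START = datetime(2024, 3, 4, tzinfo=timezone.utc)
PERIOD_END = datetime(2024, 3, 15, tzinfo=timezone.utc)
HISTORICAL = Inventory(datetime(2024, 3, 1, tzinfo=timezone.utc), (
    Account("alice", "user", frozenset({"vpn"})),
    Account("pt-svc-01", "system", frozenset({"pentest:scan"})),
    Account("bob", "user", frozenset({"vpn", "pentest:local-admin"})),
    Account("pt-user-02", "user", frozenset({"pentest:exploit"})),
))
CURRENT = Inventory(datetime(2024, 3, 20, tzinfo=timezone.utc), (
    Account("alice", "user", frozenset({"vpn"})),
    Account("bob", "user", frozenset({"vpn"})),                    # restored to normal
    Account("pt-user-02", "user", frozenset({"pentest:exploit"})),  # still privileged: finding
))  # pt-svc-01 was removed after testing
```

Running `compute_measures(HISTORICAL, CURRENT, PERIOD_START, PERIOD_END)` on the sample yields M2=3, M4=2, M6=1, so the metric fires for `pt-user-02`.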