3.3: Protect Dedicated Assessment Accounts
Use a dedicated account for authenticated vulnerability scans, which should not be used for any other administrative activities and should be tied to specific machines at specific IP addresses.
Asset Type | Security Function | Implementation Groups
---|---|---
Users | Protect | 2, 3
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Inputs
1. List of vulnerability scanning accounts
2. List of vulnerability scanning machines
Operations
For each vulnerability scanning account, ensure the account is configured so that it can log in only to one or more of the vulnerability scanning machines
Measures
M1 = Total number of vulnerability scanning accounts (from Input 1)
M2 = List of vulnerability scanning accounts configured to log in only to one or more of the vulnerability scanning machines
M3 = Count of M2
M4 = List of vulnerability scanning accounts configured to log in to any machine other than one of the vulnerability scanning machines
M5 = Count of M4
Metrics
Misconfigured Account Ratio
Metric | Ratio of misconfigured vulnerability scanning accounts to the total number of vulnerability scanning accounts
---|---
Calculation | M5 / M1
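The operation and measures above, worked through as an added example (not part of the CIS text): each scanning account is checked against the list of scanning machines, and M1 through M5 and the misconfigured-account ratio are derived from the result. The inventory and the `allowed_hosts` field (standing in for a directory's logon-workstation restriction) are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed Input 2: the only machines that should run authenticated scans.
SCAN_MACHINES = {"scanner01.example.local", "scanner02.example.local"}


@dataclass
class ScanAccount:
    """A vulnerability scanning account (Input 1) and the machines it may log on to.
    allowed_hosts models a logon-workstation restriction (assumed field);
    an empty set means the account is unrestricted, i.e. it can log in anywhere."""
    name: str
    allowed_hosts: set = field(default_factory=set)


def is_restricted_to_scanners(acct: ScanAccount, scan_machines: set) -> bool:
    """Operation: the account may log in only to one or more scanning machines.
    An unrestricted account fails, as does one that also allows a non-scanner host."""
    return bool(acct.allowed_hosts) and acct.allowed_hosts <= scan_machines


def measures(accounts, scan_machines):
    """Compute M1..M5 and the Misconfigured Account Ratio (M5 / M1)."""
    m2 = [a.name for a in accounts if is_restricted_to_scanners(a, scan_machines)]
    m4 = [a.name for a in accounts if not is_restricted_to_scanners(a, scan_machines)]
    m1 = len(accounts)
    return {
        "M1": m1,
        "M2": m2,
        "M3": len(m2),
        "M4": m4,
        "M5": len(m4),
        "misconfigured_ratio": len(m4) / m1 if m1 else 0.0,
    }


# Constructed sample of Input 1: two compliant accounts, two misconfigured ones.
SAMPLE_ACCOUNTS = [
    ScanAccount("svc-vscan-win", {"scanner01.example.local"}),
    ScanAccount("svc-vscan-linux", {"scanner01.example.local", "scanner02.example.local"}),
    ScanAccount("svc-vscan-old", {"scanner01.example.local", "jumpbox.example.local"}),
    ScanAccount("svc-vscan-legacy"),  # no restriction configured at all
]

if __name__ == "__main__":
    print(measures(SAMPLE_ACCOUNTS, SCAN_MACHINES))
```

Accounts listed in M4 are the ones to fix, either by adding the logon restriction or by retiring the account; re-running the measure after the change should drive the ratio toward zero.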