
Account Monitoring and Control

CIS Control 16. This is a foundational Control.

Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.

CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls.

Why is this CIS Control critical?

Attackers frequently discover and exploit legitimate but inactive user accounts to impersonate legitimate users, which makes the attacker's behavior difficult for security personnel to detect. Accounts of contractors and employees who have been terminated, and accounts formerly set up for Red Team testing (but not deleted afterwards), have often been misused in this way. Additionally, some malicious insiders or former employees have gained access to accounts left behind in a system long after contract expiration, maintaining their access to an organization's computing systems and sensitive data for unauthorized and sometimes malicious purposes.

Main Points:
  • Require multi-factor authentication for all user accounts, on all systems, whether managed onsite or by a third-party provider.
  • Disable any account that cannot be associated with a business process or business owner.
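As an added example (not CIS's own tooling), here is a small Python review that applies the two points above to a constructed account inventory: accounts with no business owner or no recent sign-in are flagged for disabling, and accounts without MFA are flagged for enforcement. The 90-day dormancy threshold, the record field names and the sample accounts are assumptions, not values from the page.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not real data). last_login is an ISO 8601
# timestamp, or None for an account that has never signed in.
ACCOUNTS = [
    {"name": "jdoe", "owner": "finance", "mfa": True,
     "last_login": "2024-05-20T09:12:00+00:00"},
    {"name": "contractor-old", "owner": "", "mfa": False,
     "last_login": "2023-11-15T17:40:00+00:00"},
    {"name": "redteam-test", "owner": "security", "mfa": True,
     "last_login": "2023-12-01T08:00:00+00:00"},
    {"name": "svc-backup", "owner": "it-ops", "mfa": False,
     "last_login": None},
]

DORMANCY_DAYS = 90  # assumed threshold; the Control sets no specific number


def review_accounts(accounts, now, dormancy_days=DORMANCY_DAYS):
    """Return {name: {"action": ..., "reasons": [...]}} for accounts that need work.

    "disable" wins over "review", which wins over "enforce MFA".
    """
    findings = {}
    for acct in accounts:
        reasons, action = [], None
        if not acct.get("owner"):          # cannot be tied to a business owner
            reasons.append("no business owner")
            action = "disable"
        last = acct.get("last_login")
        if last is None:                   # created but never used: needs an owner decision
            reasons.append("never used")
            action = action or "review"
        elif now - datetime.fromisoformat(last) > timedelta(days=dormancy_days):
            reasons.append(f"dormant > {dormancy_days} days")
            action = "disable"
        if not acct.get("mfa"):            # MFA is required on every account
            reasons.append("MFA not enforced")
            action = action or "enforce MFA"
        if reasons:
            findings[acct["name"]] = {"action": action, "reasons": reasons}
    return findings


def review_sample(now_iso="2024-06-01T00:00:00+00:00"):
    """Run the review over the constructed sample at a fixed point in time."""
    return review_accounts(ACCOUNTS, datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    for name, f in review_sample().items():
        print(f"{name}: {f['action']} ({', '.join(f['reasons'])})")
```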

Download the CIS Controls for more details on implementing this and the other 19 Controls.