12.5: Centralize Network Authentication, Authorization, and Auditing (AAA)
Centralize network AAA.
Asset Type |
Security Function |
Implementation Groups |
---|---|---|
Network |
Protect |
2, 3 |
Dependencies
Safeguard 2.1: Establish and Maintain a Software Inventory
Inputs
GV5
: Authorized Software InventoryGV35
: Assets that are part of the network infrastructure
Operations
Use Input 1
GV5
to identify and enumerate all AAA services within the enterpriseGV38
(M1)- For each centralized AAA point indentifed in Operation 1, determine whether it is necessary or can be consolidated
Identify and enumerate authentication points that are unnecesary or can be consolidated (M2)
Identify and enumerate authentication points that are necesary and cannot be consolidated (M3)
- Use the output of Operation 1 to check if each asset in Input 2
GV35
is covered by at least one AAA system Identify and enumerate network infrastructure assets that are covered by at least one AAA system (M4)
Identify and enumerate network infrastructure assets that are not covered by an AAA system (M5)
- Use the output of Operation 1 to check if each asset in Input 2
Measures
M1 = Count of AAA services within the enterprise
M2 = Count of unnecessary AAA services
M3 = Count of necessary AAA services
M4 = Count of network infrastructure covered by AAA services
M5 = Count of network infrastructure not covered by AAA services
M6 = Count of
GV35
Metrics
Centralized AAA
Metric |
Percentage of properly centralized AAA services
|
Calculation |
|
Network Coverage
Metric |
Percentage of network infrastructure assets managed through AAA
|
Calculation |
|