6.7: Centralize Access Control

Centralize access control for all enterprise assets through a directory service or SSO provider, where supported.

Asset Type	Security Function	Implementation Groups
Users	Protect	2, 3

Dependencies

Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 2.1: Establish and Maintain a Software Inventory

Inputs

GV1: Enterprise asset inventory
GV5: Authorized software inventory

Operations

Use GV5 to identify all directory and SSO services
Use GV1 to identify and enumerate assets that support directory and SSO services (M1)
Check the output of Operations 1 and 2 to ensure each asset is covered by at least one directory or SSO service
1. Identify and enumerate assets that are covered by at least one directory or SSO services (M2)
2. Identify and enumerate assets that are not covered by at least one directory or SSO service (M3)

Measures

M1 = Count of assets capable of supporing directory and/or SSO services
M2 = Count of assets covered by at least one directory or SSO service
M3 = Count of assets not covered by at least one directory or SSO service

Metrics

Coverage

Read the Docs v: stable

Versions: latest; stable

Downloads

On Read the Docs: Project Home; Builds