6.7: Centralize Access Control
Centralize access control for all enterprise assets through a directory service or SSO provider, where supported.
Asset Type |
Security Function |
Implementation Groups |
---|---|---|
Users |
Protect |
2, 3 |
Dependencies
Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 2.1: Establish and Maintain a Software Inventory
Inputs
GV1
: Enterprise asset inventoryGV5
: Authorized software inventory
Operations
Use
GV5
to identify all directory and SSO servicesUse
GV1
to identify and enumerate assets that support directory and SSO services (M1)- Check the output of Operations 1 and 2 to ensure each asset is covered by at least one directory or SSO service
Identify and enumerate assets that are covered by at least one directory or SSO services (M2)
Identify and enumerate assets that are not covered by at least one directory or SSO service (M3)
Measures
M1 = Count of assets capable of supporing directory and/or SSO services
M2 = Count of assets covered by at least one directory or SSO service
M3 = Count of assets not covered by at least one directory or SSO service