Account and Credential Management Policy Template for CIS Controls 5 and 6
Accounts and credentials such as passwords are how we access phones, tablets, workstations, and web applications. Each of these accounts can be used to gain unauthorized access into an enterprise’s walled garden to steal data. There are many ways to covertly obtain access to accounts, such as weak passwords, old accounts left over from a fired employee, or passwords exposed in a data breach at a separate company that are also used on your systems. There are multiple types of accounts that often need to be managed.
This policy template is meant to supplement the CIS Controls v8. The policy statements included within this document can be used by all CIS Implementation Groups (IGs), but are specifically geared towards Safeguards in Implementation Group 1 (IG1).