CHTS

CIS #5: Managing Credentials

This month, we are focusing on Control #5 from the Center for Internet Security. This control recommends using tools and processes to manage all credentials used within an organization, such as:

  • User Accounts for the Local Network

  • Credentials for all Business Websites

  • Credentials for Hardware Devices

  • Credentials for Software Applications

  • Encryption Keys for Operating Systems

  • Combination Lock Codes

  • Alarm Codes


Ensuring that your credentials are strong, securely stored, monitored, and up to modern specifications has become a basic tenet of cyber hygiene. These credentials are the keys to your kingdom, and it’s vital to protect them with the proper processes. These processes include:

  • Using passphrases of at least 12 characters

  • Maintaining a complete inventory of all credentials used

  • Mandating unique passwords or passphrases

  • Restricting administrative privileges to dedicated accounts

  • Deleting or disabling dormant accounts

  • Documenting the organization’s password policy

  • Using Multi-Factor Authentication (MFA) whenever possible

While this may seem like a large undertaking, the good news is there are tools to help regulate and even automate these processes. Some examples of these tools are:

  • Password Managers

  • Mobile Authenticator Apps for MFA

  • Physical Keys for MFA
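
One way to automate several of the checks listed above against a credential inventory, as an added example (not CHTS's own tooling). The CSV columns, the sample accounts and the 45-day dormancy threshold are assumptions made for this illustration; the inventory records each account's minimum passphrase length, never the passphrase itself.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real accounts); column names are assumptions.
INVENTORY_CSV = """account,owner,is_admin,daily_use,mfa,last_login,min_length
jsmith,J. Smith,no,yes,yes,2024-05-28,14
jsmith-adm,J. Smith,yes,no,yes,2024-05-20,16
frontdesk,Shared,yes,yes,no,2024-05-30,8
old-vendor,Vendor,no,no,no,2023-11-02,12
"""

MIN_LENGTH = 12     # from the list above: passphrases of at least 12 characters
DORMANT_DAYS = 45   # assumed threshold; the post does not state one


def audit(csv_text, today, dormant_days=DORMANT_DAYS):
    """Return {account: [findings]} for every account that fails a check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        # Passphrase policy applied to this account is too short.
        if int(row["min_length"]) < MIN_LENGTH:
            issues.append("passphrase policy below 12 characters")
        # Administrative privileges belong on dedicated accounts only.
        if row["is_admin"] == "yes" and row["daily_use"] == "yes":
            issues.append("admin rights on a non-dedicated account")
        if row["mfa"] != "yes":
            issues.append("MFA not enabled")
        # Dormant accounts should be deleted or disabled.
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > dormant_days:
            issues.append(f"dormant for {idle} days")
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit(INVENTORY_CSV, date(2024, 6, 1)).items():
        print(f"{account}: " + "; ".join(issues))
```

Run on a schedule against an export from your directory or password manager, a report like this turns the inventory into a list of accounts to fix or disable.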

CHTS is happy to assist you with the secure management of your organization’s credentials. Call us at 719-264-1384 and ask to speak to your Team Manager.

