top of page
  • Writer's pictureCHTS

CIS #5: Managing Credentials

This month, we are focusing on Control #5 from the Center for Internet Security. This control recommends using tools and processes to manage all credentials used within an organization. Credentials such as:

  • User Accounts for the Local Network

  • Credentials for all Business Websites

  • Credentials for Hardware Devices

  • Credentials for Software Applications

  • Encryption Keys for Operating Systems

  • Combination Lock Codes

  • Alarm Codes

Ensuring that your credentials are strong, securely stored, monitored, and up to modern specifications has become a basic tenant of Cyber Hygiene. These credentials are the keys to your kingdom, and it’s vital to protect them with the proper processes. These processes include:

  • Using passphrases of at least 12 characters

  • Maintaining a complete inventory of all credentials used

  • Mandating unique passwords or passphrases

  • Restricting administrative privileges to dedicated accounts

  • Deleting or disabling dormant accounts

  • Documenting the organizations’ password policy

  • Using Multi-Factor Authentication (MFA) whenever possible

While this may seem like a large undertaking, the good news is there are tools to help regulate and even automate these processes. Some examples of these tools are:

  • Password Managers

  • Mobile Authenticator Apps for MFA

  • Physical Keys for MFA

CHTS is happy to assist you with the secure management of your organization’s credentials. Call us at 719-264-1384 and ask to speak to your Team Manager.

7 views0 comments

Recent Posts

See All
bottom of page