Centralize access control for all enterprise assets through a directory service or SSO provider, where supported.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Users | Protect | 2, 3 |
- Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
- Safeguard 2.1: Establish and Maintain a Software Inventory
GV1
: Enterprise asset inventoryGV5
: Authorized software inventory
- Use
GV5
to identify all directory and SSO services - Use
GV1
to identify and enumerate assets that support directory and SSO services (M1) - Check the output of Operations 1 and 2 to ensure each asset is covered by at least one directory or SSO service
- Identify and enumerate assets that are covered by at least one directory or SSO services (M2)
- Identify and enumerate assets that are not covered by at least one directory or SSO service (M3)
- M1 = Count of assets capable of supporing directory and/or SSO services
- M2 = Count of assets covered by at least one directory or SSO service
- M3 = Count of assets not covered by at least one directory or SSO service
Metric | The percentage of assets that can support directory and SSO service |
covered by at least one directory or SSO service. |
Calculation | M2 / M1 |