CISSP考试指南笔记：5.9 访问控制实践

The following is a list of tasks that must be done on a regular basis to ensure security stays at a satisfactory level:

• Deny access to systems to undefined users or anonymous accounts.
• Limit and monitor the usage of administrator and other powerful accounts.
• Suspend or delay access capability after a specific number of unsuccessful logon attempts.
• Remove obsolete user accounts as soon as the user leaves the company.
• Suspend inactive accounts after 30 to 60 days.
• Enforce strict access criteria.
• Enforce the need-to-know and least-privilege practices.
• Disable unneeded system features, services, and ports.
• Replace default password settings on accounts.
• Limit and monitor global access rules.
• Remove redundant resource rules from accounts and group memberships.
• Remove redundant user IDs, accounts, and role-based accounts from resource access lists.
• Enforce password rotation.
• Enforce password requirements (length, contents, lifetime, distribution, storage, and transmission).
• Audit system and user events and actions, and review reports periodically.
• Protect audit logs.

Unauthorized Disclosure of Information

Object Reuse

Object reuse issues pertain to reassigning to a subject media that previously contained one or more objects.

Sensitive data should be classified (secret, top secret, confidential, unclassified, and so on) by the data owners.

剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记：5.9 访问控制实践