Back

Configure the system to issue a security alert when an administrator account is created.


CONTROL ID
12122
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure each system's security alerts to organizational standards., CC ID: 12113

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Powerful network analysis and monitoring tools, such as protocol analysers, network scanning and sniffer tools, are normally used for monitoring network performance and detecting potential or actual intrusions. These powerful network tools should be protected from unauthorized usage (e.g. viewing of… (6.1.5, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • Configure systems to issue a log entry and alert when an account is added to or removed from a domain administrators group, or when a new local administrator account is added on a system. (Control 5.4, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges. (CIS Control 4: Sub-Control 4.8 Log and Alert on Changes to Administrative Group Membership, CIS Controls, 7.1)
  • Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges. (CIS Control 4: Sub-Control 4.8 Log and Alert on Changes to Administrative Group Membership, CIS Controls, V7)