4.7 Manage Default Accounts on Enterprise Assets and Software

Implementation Groups: IG1, IG2, IG3

Asset Type: Users
Security Function: Protect

Description

Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.

Implementation Checklist

1. Assess current protection controls in place
2. Configure and deploy required security controls
3. Test control effectiveness in non-production environment
4. Deploy to production and verify functionality
5. Document configuration and operational procedures
6. Inventory all third-party service providers
7. Classify third parties by risk level
8. Conduct security assessments of critical vendors
9. Include security requirements in contracts
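As an added example, not part of the CIS text, the following Python audit shows one way to carry out step 1 on a Linux host: it parses /etc/passwd and /etc/shadow records and reports which well-known default accounts are still usable. The account list, the sample records and the rule "locked password and non-interactive shell" are assumptions chosen for illustration.

```python
# Added example, not from the CIS page: audit a Linux host's well-known
# default accounts for Safeguard 4.7. An account counts as "unusable" only
# when its shadow password is locked ('!' or '*' prefix) AND its login shell
# is non-interactive; a locked password alone still permits key-based SSH.
# The account list and the passwd/shadow records are constructed samples.
DEFAULT_ACCOUNTS = {"root", "admin", "administrator", "guest", "daemon", "backup"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:x:1000:1000:Vendor Admin:/home/admin:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
guest:x:1001:1001:Guest:/home/guest:/bin/sh
"""
SHADOW = """\
root:$6$saltsalt$hashhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
admin:!$6$saltsalt$hashhash:19700:0:99999:7:::
backup:*:19700:0:99999:7:::
guest::19700:0:99999:7:::
"""

def password_state(field):
    """Classify a shadow password field: empty (passwordless!), locked, or set."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    return "set"

def audit(passwd=PASSWD, shadow=SHADOW, defaults=DEFAULT_ACCOUNTS):
    """Map each default account present to (password_state, shell, unusable)."""
    # user -> password field; an account missing from shadow is treated as "empty"
    shadow_pw = dict(line.split(":")[:2] for line in shadow.splitlines() if line.strip())
    results = {}
    for line in filter(None, passwd.splitlines()):
        fields = line.split(":")
        name, shell = fields[0], fields[6]
        if name in defaults:
            state = password_state(shadow_pw.get(name, ""))
            results[name] = (state, shell, state == "locked" and shell in NOLOGIN_SHELLS)
    return results

def needs_action(results):
    """Default accounts still usable: these must be disabled or made unusable."""
    return sorted(user for user, (_, _, unusable) in results.items() if not unusable)
```

Running audit() on the sample flags root (password set), admin (locked password but interactive shell) and guest (empty password), while daemon and backup pass.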

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Exploitation of Default Administrator Credentials (Confidentiality)

Attackers use widely known default credentials (admin/admin, root/root, sa/blank) to gain administrative access to systems, applications, and network devices.

Automated Botnet Attacks on Default Accounts (Availability)

Internet-facing systems with active default accounts are compromised by automated botnets that systematically attempt default credential combinations across common platforms.

Privilege Escalation via Vendor Backdoor Accounts (Integrity)

Undocumented or unmanaged pre-configured vendor accounts with elevated privileges are discovered by attackers, providing a persistent backdoor path to administrative access.

Vulnerabilities (When Safeguard Absent)

Active Default Accounts with Known Credentials

Default accounts shipped by vendors remain active and unchanged, providing publicly documented credentials that any attacker can use for immediate system access.

No Process to Identify and Manage Pre-Configured Accounts

Without a process to discover and manage default accounts during deployment, vendor-supplied accounts persist unnoticed throughout the system's lifecycle.

Evidence Requirements

Type      | Evidence Item                                                            | Collection Frequency
----------|--------------------------------------------------------------------------|---------------------
Technical | Configuration screenshots or exports showing protection controls enabled | Captured quarterly
Document  | Procedure documentation for protection measures                          | Reviewed annually
Document  | Governing policy document (current, approved, communicated)              | Reviewed annually