Re: User Login ID's

[Valdis Kletnieks <Valdis.Kletnieks () VT EDU>]

On Thu, 17 Dec 2009 11:06:06 CST, "McCrary, Barbara" said:
> Is it appropriate, secure, standard for administrators to maintain a list
> for tracking user id's for an application or system?

That will depend entirely on the exact nature of the app/system, the
users involved, other compensating controls, and the threat model you're
worried about.  Your auditors will have a cow if you don't have *some* way
of tracking who has access to a resource.  However, the details of the
method quickly become one of those great big "It Depends" in our industry...

Attachment: _bin
Description: