GRCWatch
Sign inStart free trial

Centralize Network Authentication, Authorization, and Auditing (AAA)

Network AAA centralization is critical to preventing unauthorized access and detecting compromise across your infrastructure. Without centralized controls, inconsistent authentication policies create blind spots that attackers exploit. CIS Control 12.5 requires organizations to consolidate identity management to enforce consistent access rules and maintain complete audit trails.

What this means

Centralized AAA consolidates user authentication (proving identity), authorization (granting permissions), and auditing (recording access) through a single control point rather than distributed systems. This means deploying solutions like LDAP, Active Directory, or cloud identity platforms that enforce consistent password policies, manage role-based access, and generate comprehensive logs of all network access attempts—successful and failed. Centralization eliminates configuration drift, reduces orphaned accounts, and enables real-time threat detection across your entire network.

How to comply

  1. 1.Select a centralized AAA platform (Active Directory, LDAP, cloud IAM, or RADIUS) appropriate for your infrastructure
  2. 2.Configure all network devices, servers, and applications to authenticate against the centralized system
  3. 3.Define and enforce consistent authentication policies (password complexity, multi-factor authentication, session timeouts)
  4. 4.Implement role-based access control (RBAC) with least-privilege principles in the AAA system
  5. 5.Enable comprehensive logging and auditing of all authentication, authorization, and access events
  6. 6.Monitor logs in real-time for suspicious login attempts, privilege escalation, and policy violations
  7. 7.Regularly review and revoke access for terminated employees and unused accounts
  8. 8.Test AAA failover procedures to ensure authentication continues during primary system outages

Evidence auditors look for

  • Active Directory or LDAP configuration documentation showing centralized user directory
  • AAA system configuration files with authentication and authorization policies
  • Network device configs authenticated to centralized AAA (switches, routers, firewalls)
  • Application authentication logs showing integration with centralized platform
  • Access control lists defining role-based permissions and privilege levels
  • Audit logs capturing authentication attempts, authorizations granted, and access events
  • Multi-factor authentication (MFA) policy enforcement records
  • Quarterly access reviews documenting account audits and permission validations

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates CIS 12.5 compliance by continuously monitoring your AAA system configurations, tracking authentication policy enforcement across network devices, and generating audit-ready reports of centralized access controls—eliminating manual configuration reviews and evidence gathering.

See how GRCWatch handles this control automatically

Start free trial

Related controls

CIS 6.1 — Establish an Access Control ProgramCIS 6.2 — Establish Access Control Policies and ProceduresCIS 6.3 — Require Multi-Factor AuthenticationCIS 6.4 — Require Multi-Factor Authentication for Remote Network AccessCIS 6.5 — Require Multi-Factor Authentication for Administrative Access