Free DISA STIG and SRG Library | Vaulted

V-56771

The operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

Finding ID
SRG-OS-000118-GPOS-00060
Rule ID
SV-71031r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000118-GPOS-00060
CCI
CCI-000795
Target Key
(None)
Documentable
No
Discussion

Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Operating systems need to track periods of inactivity and disable application identifiers after 35 days of inactivity.

Fix Text

Configure the operating system to disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

Check Content

Verify the operating system disables account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. If it does not, this is a finding.