The system must allow superusers or system administrators to disable user accounts.
HIPAA Security Rule 164.308(a)(3)(ii)(A): Authorization and/or supervision (Addressable): Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed.
ISO 27001:2013. Annex A - 9.2.1 Implement a formal process for user registration and deregistration in order to enable the assignment of access rights.
ISO 27001:2013. Annex A - 9.2.2 Implement a formal access granting process to assign or revoke access rights to all types of users to systems and services.
NERC CIP-004-6. B. Requirements and measures. R5 Each Responsible Entity shall implement one or more documented access revocation program(s).
PCI DSS v3.2.1 - Requirement 8.1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects.