R144. Remove inactive accounts periodically

Requirement

The organization must remove inactive user accounts periodically (purging).

Findings

References

  1. CIS Controls. 16.9 Disable Dormant Accounts. Automatically disable dormant accounts after a set period of inactivity.

  2. NIST 800-53 AC-2 (3). The information system automatically disables inactive accounts after [Assignment: organization-defined time period].

  3. NIST 800-53 AC-2 (10). The information system terminates shared/group account credentials when members leave the group.

  4. NIST 800-53 AC-2 (13). The organization disables accounts of users posing a significant risk within [Assignment: organization-defined time period] of discovery of the risk.

  5. PCI DSS v3.2.1 - Requirement 8.1.4. Remove/disable inactive user accounts within 90 days.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
