REQ.144 Purify accounts periodically
The organization must purify user accounts periodically.
NIST 800-53 AC-2 (3) The information system automatically disables inactive accounts after [Assignment: organization-defined time period].
NIST 800-53 AC-2 (10) The information system terminates shared/group account credentials when members leave the group.
NIST 800-53 AC-2 (13) The organization disables accounts of users posing a significant risk within [Assignment: organization-defined time period] of discovery of the risk.