The organization must remove inactive user accounts periodically (purging).
NIST 800-53 AC-2 (3)
The information system automatically disables inactive accounts
after [Assignment: organization-defined time period].
NIST 800-53 AC-2 (10)
The information system terminates shared/group account credentials
when members leave the group.
NIST 800-53 AC-2 (13)
The organization disables accounts of users posing a significant risk
within [Assignment: organization-defined time period]
of discovery of the risk.
Ready to start with Fluid Attacks?
Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.