R144. Remove inactive accounts periodically

Requirement

The organization must remove inactive user accounts periodically (purging).

Findings

References

  1. NIST 800-53 AC-2 (3) The information system automatically disables inactive accounts after [Assignment: organization-defined time period].

  2. NIST 800-53 AC-2 (10) The information system terminates shared/group account credentials when members leave the group.

  3. NIST 800-53 AC-2 (13) The organization disables accounts of users posing a significant risk within [Assignment: organization-defined time period] of discovery of the risk.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy