Database SRG Version Comparison

There are 28 differences between versions v3 r4 (Jan. 24, 2024) (the "left" version) and v4 r2 (Oct. 24, 2024) (the "right" version).

Check SRG-APP-000700-DB-000100 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

The DBMS must disable accounts when the accounts have expired.

Check Content

Verify the DBMS is configured to disable accounts when the accounts have expired. If the DBMS is not configured to disable accounts when the accounts have expired, this is a finding.

Discussion

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.

Fix

Configure the DBMS to disable accounts when the accounts have expired.