An error occurred:

Check: SRG-OS-000118-GPOS-00060

General Purpose Operating System SRG: SRG-OS-000118-GPOS-00060 (in versions v2 r7 through v1 r4)

Title

The operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. (Cat II impact)

Discussion

Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Operating systems need to track periods of inactivity and disable application identifiers after 35 days of inactivity.

Check Content

Verify the operating system disables account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. If it does not, this is a finding.

Fix Text

Configure the operating system to disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

Additional Identifiers

Rule ID: SV-203648r557191_rule

Vulnerability ID: V-203648

Group Title: SRG-OS-000118

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000795

The organization manages information system identifiers by disabling the identifier after an organization-defined time period of inactivity.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-4

Identifier Management