General Purpose Operating System SRG Version Comparison

There are 27 differences between versions v2 r7 (Jan. 24, 2024) (the "left" version) and v3 r2 (Jan. 30, 2025) (the "right" version).

Check SRG-OS-000590-GPOS-00110 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

The operating system must disable accounts when the accounts are no longer associated to a user.

Check Content

Verify the operating system is configured to disable accounts when the accounts are no longer associated to a user. If the operating system is not configured to disable accounts when the accounts are no longer associated to a user, this is a finding.

Discussion

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.

Fix

Configure the operating system to disable accounts when the accounts are no longer associated to a user.