Network Device Management SRG Version Comparison

There are 11 differences between versions v5 r1 (July 24, 2024) (the "left" version) and v5 r3 (April 2, 2025) (the "right" version).

Check SRG-APP-000700-NDM-000100 was removed from the benchmark in the "right" version. The text below reflects the old wording.

This check's original form is available here.

Title

The network device must be configured to disable accounts when the accounts have expired.

Check Content

Verify the network device is configured to disable accounts when the accounts have expired. If the network device is not configured to disable accounts when the accounts have expired, this is a finding.

Discussion

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.

Fix

Configure the network device to disable accounts when the accounts have expired.