Network Device Management SRG Version Comparison

There are 25 differences between versions v4 r3 (June 7, 2023) (the "left" version) and v5 r2 (Oct. 24, 2024) (the "right" version).

Check SRG-APP-000700-NDM-000100 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

The network device must be configured to disable accounts when the accounts have expired.

Check Content

Verify the network device is configured to disable accounts when the accounts have expired. If the network device is not configured to disable accounts when the accounts have expired, this is a finding.

Discussion

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.

Fix

Configure the network device to disable accounts when the accounts have expired.