Web Server SRG Version Comparison

There are 24 differences between versions v3 r3 (April 8, 2024) (the "left" version) and v4 r2 (Oct. 24, 2024) (the "right" version).

Check SRG-APP-000700-WSR-000100 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

The web server must disable accounts when the accounts have expired.

Check Content

Verify the web server is configured to disable accounts when the accounts have expired. If the web server is not configured to disable accounts when the accounts have expired, this is a finding.

Discussion

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.

Fix

Configure the web server to disable accounts when the accounts have expired.