Skip to content
Log In

CCI-000795

The organization manages information system identifiers by disabling the identifier after an organization-defined time period of inactivity.

Set Account Expiration Following Inactivity

4 rules found Severity: Medium

Logo

Set existing passwords a period of inactivity before they been locked

14 rules found Severity: Medium

Logo

Set Account Expiration Following Inactivity in password-auth

2 rules found Severity: Medium

Logo

Set Account Expiration Following Inactivity in system-auth

2 rules found Severity: Medium

Logo

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

1 rule found Severity: Medium

Logo

IBM Aspera Faspex must disable account identifiers after 35 days of inactivity.

1 rule found Severity: Medium

Logo

The MQ Appliance must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

1 rule found Severity: Medium

Logo

The IBM z/VM Security Manager must provide a procedure to disable userIDs after 35 days of inactivity.

1 rule found Severity: Medium

Logo

Nutanix AOS must be configured to disable user accounts after the password expires.

1 rule found Severity: Low

Logo

The Ubuntu operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

2 rules found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must disable account identifiers (individuals, groups, roles, and devices) if the password expires.

1 rule found Severity: Medium

Logo

JBoss management Interfaces must be integrated with a centralized authentication mechanism that is configured to manage accounts according to DoD policy.

1 rule found Severity: Medium

Logo

MKE must be configured to integrate with an Enterprise Identity Provider.

1 rule found Severity: Medium

Logo

Unused accounts must be disabled or removed from the system after 35 days of inactivity.

4 rules found Severity: Low

Logo

Outdated or unused accounts must be removed from the system or disabled.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must disable account identifiers (individuals, groups, roles, and devices) if the password expires.

1 rule found Severity: Medium

Logo

SLEM 5 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.

1 rule found Severity: Medium

Logo

The macOS system must disable accounts after 35 days of inactivity.

1 rule found Severity: Medium

Logo

The application must disable device identifiers after 35 days of inactivity unless a cryptographic certificate is used for authentication.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

1 rule found Severity: Medium

Logo

Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.

1 rule found Severity: Medium

Logo

Windows Server 2019 outdated or unused accounts must be removed or disabled.

1 rule found Severity: Medium

Logo

Windows Server 2022 outdated or unused accounts must be removed or disabled.

1 rule found Severity: Medium

Logo

Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.

1 rule found Severity: Medium

Logo

The OL 8 system-auth file must disable access to the system for account identifiers (individuals, groups, roles, and devices) with 35 days of inactivity.

1 rule found Severity: Medium

Logo

The OL 8 password-auth file must disable access to the system for account identifiers (individuals, groups, roles, and devices) with 35 days of inactivity.

1 rule found Severity: Medium

Logo

OpenShift must use FIPS validated LDAP or OpenIDConnect.

1 rule found Severity: High

Logo

RHEL 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity.

1 rule found Severity: Medium

Logo

RHEL 9 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

1 rule found Severity: Medium

Logo

The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.

2 rules found Severity: Medium

Logo

User accounts must be locked after 35 days of inactivity.

2 rules found Severity: Medium

Logo

The Photon operating system must disable new accounts immediately upon password expiration.

1 rule found Severity: Medium

Logo

The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.

3 rules found Severity: Medium

Logo

Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.

1 rule found Severity: High

Logo