CCI-003628
Disable accounts when the accounts are no longer associated to a user.
The Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.
1 rule found Severity: Medium
The DNS server implementation must disable accounts when the accounts are no longer associated to a user.
1 rule found Severity: Medium
1 rule found Severity: High
The Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1 rule found Severity: High
The network device must be configured to disable accounts when the accounts are no longer associated to a user.
1 rule found Severity: Medium
The Riverbed NetProfiler must be configured to use an authentication server to authenticate users prior to granting administrative access.
2 rules found Severity: High
The TippingPoint SMS must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
1 rule found Severity: Medium
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
1 rule found Severity: High
TOSS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
1 rule found Severity: Medium
1 rule found Severity: Medium
10 rules found Severity: Medium
AAA Services must be configured to disable accounts when the accounts are no longer associated to a user.
1 rule found Severity: Medium
1 rule found Severity: Medium
Ubuntu 22.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
Forescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1 rule found Severity: Medium
1 rule found Severity: Medium
The IBM z/OS system administrator (SA) must develop a procedure to automatically remove or disable temporary user accounts after 72 hours.
1 rule found Severity: Medium
The IBM z/OS system administrator (SA) must develop a process to disable emergency accounts after the crisis is resolved or 72 hours.
1 rule found Severity: Medium
IBM z/OS system administrator must develop a procedure to remove or disable temporary user accounts after 72 hours.
1 rule found Severity: Medium
IBM z/OS system administrator (SA) must develop a procedure to remove or disable temporary user accounts after 72 hours.
1 rule found Severity: Medium
IBM z/OS system administrator (SA) must develop a procedure to remove or disable emergency accounts after the crisis is resolved or 72 hours.
1 rule found Severity: Medium
The Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.
1 rule found Severity: Medium
1 rule found Severity: Medium
The OL 8 system-auth file must disable access to the system for account identifiers (individuals, groups, roles, and devices) with 35 days of inactivity.
1 rule found Severity: Medium
The OL 8 password-auth file must disable access to the system for account identifiers (individuals, groups, roles, and devices) with 35 days of inactivity.
1 rule found Severity: Medium
RHEL 9 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
1 rule found Severity: Medium
The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.
1 rule found Severity: Medium