Skip to content
ATO Pathways
  Log In

CCI-003628

Disable accounts when the accounts are no longer associated to a user.

Logo
1

Rule

Severity: Medium
AAA Services must be configured to disable accounts when the accounts are no longer associated to a user.
Logo
2

Rule

Severity: Medium
The macOS system must disable accounts after 35 days of inactivity.
Logo
1

Rule

Severity: Medium
The application server must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
Ubuntu 22.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
Logo
1

Rule

Severity: Medium
The Central Log Server must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
The Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.
Logo
1

Rule

Severity: Medium
The DBMS must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
The container platform must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
The DNS server implementation must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
Forescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
Logo
1

Rule

Severity: Medium
The operating system must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
The IBM z/OS system administrator (SA) must develop a procedure to automatically remove or disable temporary user accounts after 72 hours.
Logo
1

Rule

Severity: Medium
The IBM z/OS system administrator (SA) must develop a process to disable emergency accounts after the crisis is resolved or 72 hours.
Logo
1

Rule

Severity: Medium
IBM z/OS system administrator must develop a procedure to remove or disable temporary user accounts after 72 hours.
Logo
1

Rule

Severity: Medium
IBM z/OS system administrator must develop a procedure to remove or disable emergency accounts after the crisis is resolved or 72 hours.
Logo
1

Rule

Severity: Medium
IBM z/OS system administrator (SA) must develop a procedure to remove or disable temporary user accounts after 72 hours.
Logo
1

Rule

Severity: Medium
IBM z/OS system administrator (SA) must develop a procedure to remove or disable emergency accounts after the crisis is resolved or 72 hours.
Logo
1

Rule

Severity: High
The ICS must be configured to prevent nonprivileged users from executing privileged functions.
Logo
1

Rule

Severity: High
The Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
Logo
1

Rule

Severity: Medium
The Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.
Logo
1

Rule

Severity: Medium
The Mainframe Product must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
The network device must be configured to disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
The OL 8 system-auth file must disable access to the system for account identifiers (individuals, groups, roles, and devices) with 35 days of inactivity.
Logo
1

Rule

Severity: Medium
The OL 8 password-auth file must disable access to the system for account identifiers (individuals, groups, roles, and devices) with 35 days of inactivity.
Logo
2

Rule

Severity: High
The Riverbed NetProfiler must be configured to use an authentication server to authenticate users prior to granting administrative access.
Logo
1

Rule

Severity: Medium
RHEL 9 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
Logo
1

Rule

Severity: Medium
The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.
Logo
2

Rule

Severity: Medium
User accounts must be locked after 35 days of inactivity.
Logo
1

Rule

Severity: Medium
The TippingPoint SMS must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
Logo
1

Rule

Severity: High
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
Logo
1

Rule

Severity: Medium
TOSS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
Logo
1

Rule

Severity: Medium
The VMM must disable accounts when the accounts are no longer associated to a user.
Logo
1

Rule

Severity: Medium
The web server must disable accounts when the accounts are no longer associated to a user.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules