The Mainframe Product must disable accounts when the accounts are no longer associated to a user.
An XCCDF Rule
Description
Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.
- ID
- SV-263670r982579_rule
- Version
- SRG-APP-000705-MFP-000110
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the Mainframe Product to disable accounts when the accounts are no longer associated to a user.