The macOS system must disable accounts after 35 days of inactivity.
An XCCDF Rule
Description
<VulnDiscussion>The macOS must be configured to disable accounts after 35 days of inactivity. This rule prevents malicious users from making use of unused accounts to gain access to the system while avoiding detection.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-259552r941278_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the macOS system to disable accounts after 35 days of inactivity with the following command:
This setting may be enforced using local policy or by a directory service.
To set local policy to disable an inactive user after 35 days, edit the current password policy to contain the following <dict> within the "policyCategoryAuthentication":