InformationThe macOS is able to be configured to set an automated termination for 72 hours or less for all temporary accounts upon account creation.
If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be targeted by attackers to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts _MUST_ be set to 72 hours (or less) when the temporary account is created.
If no policy is enforced by a directory service, a password policy can be set with the "pwpolicy" utility. The variable names may vary depending on how the policy was set.
If there are no temporary accounts defined on the system, this is Not Applicable.
SolutionThe technology inherently meets this requirement. No fix is required.