800-53|AC-2(2)

Title

REMOVAL OF TEMPORARY / EMERGENCY ACCOUNTS

Description

The information system automatically [Selection: removes; disables] temporary and emergency accounts after [Assignment: organization-defined time period for each type of account].

Supplemental

This control enhancement requires the removal of both temporary and emergency accounts automatically after a predefined period of time has elapsed, rather than at the convenience of the systems administrator.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.7 APPL-14-000012	Unix	CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.31 WN16-00-000340	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.31 WN16-00-000340	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.31 WN22-00-000310	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.31 WN22-00-000310	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.39 UBTU-24-200250	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.79 UBTU-22-411040	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.135 OL08-00-020000	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.191 OL08-00-020270	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.272 RHEL-09-411040	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
5.4.1.10 Ensure temporary accounts have been provisioned with an expiration date of 72 hours	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
5.4.3.4 Ensure emergency accounts have been provisioned with an expiration date of 72 hours	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
AIX7-00-001001 - AIX must automatically remove or disable temporary user accounts after 72 hours or sooner.	Unix	DISA STIG AIX 7.x v3r1
AIX7-00-001014 - The AIX system must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.	Unix	DISA STIG AIX 7.x v3r1
ALMA-09-004750 - AlmaLinux OS 9 must automatically expire temporary accounts within 72 hours.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r3
AOSX-13-000110 - The macOS system must automatically remove or disable temporary user accounts after 72 hours.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000115 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000012 - The macOS system must automatically remove or disable temporary user accounts after 72 hours.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000013 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-14-000012 - The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-000012 - The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r4
Big Sur - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Automatically Remove or Disable Temporary User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Automatically Remove or Disable Temporary User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Automatically Remove or Disable Temporary User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Automatically Remove or Disable Temporary User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Automatically Remove or Disable Temporary User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Automatically Remove or Disable Temporary User Accounts within 72 Hours	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Automatically Remove or Disable Emergency Accounts within 72 Hours	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Automatically Remove or Disable Temporary User Accounts within 72 Hours	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High

Detections

Analytics