800-53|AC-2(3)

Title

DISABLE INACTIVE ACCOUNTS

Description

The information system automatically disables inactive accounts after [Assignment: organization-defined time period].

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2 (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
1.1.3 (L1) Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.3 Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
1.1.3 Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
1.1.4 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
1.1.4 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
1.1.4 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
1.1.4 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
1.3 Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4 Ensure Guest Users Are Reviewed on a Regular Basis	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.12 Ensure credentials unused for 45 days or greater are disabled	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
10.5 Lock Inactive User Accounts	Unix	CIS Debian Linux 7 L1 v1.0.0
10.5 Lock Inactive User Accounts	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.2.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + NG
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + BL
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + BL + NG
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + NG
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + BL
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + BL + NG
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only)	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only)	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only)	Windows	CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.10.42.1 Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.10.42.1 Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.10.42.1 Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.10.42.1 Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.10.42.1 Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.10.42.1 Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC

Detections

Analytics

800-53|AC-2(3)

Title

Description

Reference Item Details

Audit Items