800-53|IA-4e.

Title

IDENTIFIER MANAGEMENT

Description

Disabling the identifier after [Assignment: organization-defined time period of inactivity].

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.019 - Outdated or unused accounts must be removed from the system.	Windows	DISA Windows Vista STIG v6r41
5.5.1.9 Ensure inactive password lock is 0 days - individuals, groups, roles, and devices if the password expires.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Catalina v1.5.0 - All Profiles
GEN000760 - Accounts must be locked upon 35 days of inactivity.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN006660 - Accounts must be locked upon 35 days of inactivity.	Unix	DISA STIG for Oracle Linux 5 v2r1
JBOS-AS-000290 - JBoss management Interfaces must be integrated with a centralized authentication mechanism that is configured to manage accounts according to DoD policy.	Unix	DISA RedHat JBoss EAP 6.3 STIG v2r3
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Disable Accounts after 35 Days of Inactivity	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
OL6-00-000335 - The operating system must manage information system identifiers for users and devices by disabling the user identifier after an organization defined time period of inactivity.	Unix	DISA STIG Oracle Linux 6 v2r7
OL07-00-010310 - The Oracle Linux operating system must disable account identifiers (individuals, groups, roles, and devices) if the password expires - individuals, groups, roles, and devices if the password expires.	Unix	DISA Oracle Linux 7 STIG v2r14
OL08-00-020261 - The OL 8 password-auth file must disable access to the system for account identifiers (individuals, groups, roles, and devices) with 35 days of inactivity.	Unix	DISA Oracle Linux 8 STIG v1r8
PHTN-30-000035 - The Photon operating system must disable new accounts immediately upon password expiration.	Unix	DISA STIG VMware vSphere 7.0 Photon OS v1r2
PHTN-67-000036 - The Photon operating system must disable new accounts immediately upon password expiration.	Unix	DISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-06-000335 - The operating system must manage information system identifiers for users and devices by disabling the user identifier after an organization defined time period of inactivity.	Unix	DISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-07-010310 - The Red Hat Enterprise Linux operating system must disable account identifiers (individuals, groups, roles, and devices) if the password expires.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r14
RHEL-08-020260 - RHEL 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity.	Unix	DISA Red Hat Enterprise Linux 8 STIG v1r13
RHEL-09-411050 - RHEL 9 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.	Unix	DISA Red Hat Enterprise Linux 9 STIG v1r2
SLES-12-010340 - The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.	Unix	DISA SLES 12 STIG v2r13
SLES-15-020050 - The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.	Unix	DISA SLES 15 STIG v1r12
SOL-11.1-040280 - User accounts must be locked after 35 days of inactivity.	Unix	DISA STIG Solaris 11 SPARC v2r9
SOL-11.1-040280 - User accounts must be locked after 35 days of inactivity.	Unix	DISA STIG Solaris 11 X86 v2r9
UBTU-16-010280 - Account identifiers (individuals, groups, roles, and devices) must disabled after 35 days of inactivity.	Unix	DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010445 - The Ubuntu operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.	Unix	DISA STIG Ubuntu 18.04 LTS v2r13
UBTU-20-010409 - The Ubuntu operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.	Unix	DISA STIG Ubuntu 20.04 LTS v1r10
VCSA-70-000059 - The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.	VMware	DISA STIG VMware vSphere 7.0 vCenter v1r2
WN10-00-000065 - Unused accounts must be disabled or removed from the system after 35 days of inactivity.	Windows	DISA Windows 10 STIG v2r8
WN11-00-000065 - Unused accounts must be disabled or removed from the system after 35 days of inactivity.	Windows	DISA Windows 11 STIG v1r5
WN12-GE-000014 - Outdated or unused accounts must be removed from the system or disabled.	Windows	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7
WN12-GE-000014 - Outdated or unused accounts must be removed from the system or disabled.	Windows	DISA Windows Server 2012 and 2012 R2 DC STIG v3r7

Detections

Analytics

800-53|IA-4e.

Title

Description

Reference Item Details

Audit Items