CSCv6|16.6

Title

Monitor account usage to determine dormant accounts, notifying the user or user's manager.

Description

Monitor account usage to determine dormant accounts, notifying the user or user's manager. Disable such accounts if not needed, or document and monitor exceptions (e.g., vendor maintenance accounts needed for system recovery or continuity operations). Require that managers match active employees and contractors with each account belonging to their managed staff. Security or system administrators should then disable accounts that are not assigned to valid workforce members.

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Aliyun Linux 2 L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Debian 9 Workstation L1 v1.0.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Debian Family Server L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Amazon Linux v2.1.0 L1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Debian Family Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Debian 9 Server L1 v1.0.1
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Aliyun Linux 2 L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Debian Family Server L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Debian Family Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Amazon Linux v2.1.0 L1
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Debian 9 Workstation L1 v1.0.1
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Debian 9 Server L1 v1.0.1
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVE	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVE	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Oracle Linux 6 Workstation L1 v2.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Red Hat 6 Workstation L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS CentOS 6 Server L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Red Hat 6 Server L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS CentOS 6 Workstation L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Oracle Linux 6 Server L1 v2.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.5.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Red Hat 6 Workstation L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS CentOS 6 Server L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Oracle Linux 6 Server L1 v2.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Oracle Linux 6 Workstation L1 v2.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Red Hat 6 Server L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS CentOS 6 Workstation L1 v3.0.0
7.5 Lock Inactive User Accounts - INACTIVE=35	Unix	CIS Red Hat Enterprise Linux 5 L1 v2.2.1
7.6 Lock Inactive User Accounts - useradd -D, 35	Unix	CIS Solaris 11.2 L1 v1.1.0
7.6 Lock Inactive User Accounts - useradd -D, 35	Unix	CIS Solaris 11.1 L1 v1.0.0
7.6 Lock Inactive User Accounts - useradd -D, 35	Unix	CIS Solaris 11 L1 v1.1.0
7.9 Lock Inactive User Accounts - Check if definact is set to 35.	Unix	CIS Solaris 10 L1 v5.2
10.5 Lock Inactive User Accounts	Unix	CIS Debian Linux 7 L1 v1.0.0
10.5 Lock Inactive User Accounts	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
Ensure inactive password lock is 30 days or less	Unix	Tenable Cisco Firepower Management Center OS Best Practices Audit

Detections

Analytics

CSCv6|16.6

Title

Description

Reference Item Details

Audit Items