CSCv7|16.9

Title

Disable Dormant Accounts

Description

Automatically disable dormant accounts after a set period of inactivity.

Reference Item Details

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4.1.3 Ensure known default accounts do not existCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.8 Ensure that users who did not log in for 90 days are disabledSnowflakeCIS Snowflake Foundations v1.0.0 L1
1.12 Ensure credentials unused for 45 days or greater are disabledamazon_awsCIS Amazon Web Services Foundations L1 3.0.0
2.7 Lock Out Accounts if Not Currently in UseMySQLDBCIS MariaDB 10.6 Database L2 v1.1.0
2.7 Lock Out Accounts if Not Currently in UseUnixCIS MariaDB 10.6 on Linux L2 v1.1.0
2.8 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.8 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 5.7 Community Database L2 v2.0.0
2.11 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.11 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 8.0 Community Database L2 v1.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
4.1.4 Ensure that default service accounts are not actively usedGCPCIS Google Kubernetes Engine (GKE) v1.6.1 L1
4.2.4 maxexpiredUnixCIS IBM AIX 7.1 L1 v2.1.0
4.8.5 Ensure administrative user accounts are lockedUnixCIS IBM AIX 7 v1.0.0 L1
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.OpenShiftCIS RedHat OpenShift Container Platform v1.6.0 L1
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes v1.10.0 L1 Master
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 13.0 Ventura v3.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 12.0 Monterey v3.1.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 10.14 v2.0.0 L1
5.4.1.4 Ensure inactive password lock is 30 days or less - useraddUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - useraddUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useraddUnixCIS Fedora 19 Family Linux Server L1 v1.0.0
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
20.45 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
20.45 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
20.45 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
20.45 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC