CSCv7|16.9

Title

Disable Dormant Accounts

Description

Automatically disable dormant accounts after a set period of inactivity.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.12 Ensure credentials unused for 45 days or greater are disabled	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
2.7 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MariaDB 10.6 Database L2 v1.0.0
2.7 Lock Out Accounts if Not Currently in Use	Unix	CIS MariaDB 10.6 on Linux L2 v1.0.0
2.8 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0
2.8 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.11 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MySQL 8.0 Community Database L2 v1.0.0
2.11 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MySQL 8.0 Enterprise Database L2 v1.3.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
4.1.5 Ensure that default service accounts are not actively used	GCP	CIS Google Kubernetes Engine (GKE) v1.5.0 L1
4.2.4 maxexpired	Unix	CIS IBM AIX 7.1 L1 v2.1.0
4.12 Lock historical users	Unix	CIS IBM AIX 7.2 L1 v1.1.0
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 10.14 v2.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 13.0 Ventura v2.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 14.0 Sonoma v1.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVE	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
20.44 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.44 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0

Detections

Analytics

CSCv7|16.9

Title

Description

Reference Item Details

Audit Items