CSCv7|16.9

Title

Disable Dormant Accounts

Description

Automatically disable dormant accounts after a set period of inactivity.

Reference Item Details

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.12 Ensure credentials unused for 45 days or greater are disabledamazon_awsCIS Amazon Web Services Foundations L1 3.0.0
2.7 Lock Out Accounts if Not Currently in UseMySQLDBCIS MariaDB 10.6 Database L2 v1.1.0
2.7 Lock Out Accounts if Not Currently in UseUnixCIS MariaDB 10.6 on Linux L2 v1.1.0
2.8 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.8 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 5.7 Community Database L2 v2.0.0
2.11 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.11 Lock Out Accounts if Not Currently in UseMySQLDBCIS MySQL 8.0 Community Database L2 v1.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'OracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
4.1.5 Ensure that default service accounts are not actively usedGCPCIS Google Kubernetes Engine (GKE) v1.5.0 L1
4.2.4 maxexpiredUnixCIS IBM AIX 7.1 L1 v2.1.0
4.12 Lock historical usersUnixCIS IBM AIX 7.2 L1 v1.1.0
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes Benchmark v1.9.0 L1 Master
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.1.5 Ensure that default service accounts are not actively used.UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.OpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 10.14 v2.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 13.0 Ventura v2.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
5.2.7 Ensure Password Age Is ConfiguredUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
5.4.1.4 Ensure inactive password lock is 30 days or less - useraddUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useraddUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useraddUnixCIS Fedora 19 Family Linux Server L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - useraddUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - usersUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - usersUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - usersUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - usersUnixCIS Fedora 19 Family Linux Server L1 v1.0.0
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVEUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
20.44 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.44 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.45 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
20.45 Ensure 'Outdated or unused accounts are removed or disabled'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0