Theme

CSCv7|16.9

Title

Disable Dormant Accounts

Description

Automatically disable dormant accounts after a set period of inactivity.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.12 Ensure credentials unused for 45 days or greater are disabled	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
3.1.2.5 maxexpired	Unix	CIS IBM AIX 7.1 L1 v2.0.0
4.1.5 Ensure that default service accounts are not actively used.	GCP	CIS Google Kubernetes Engine (GKE) v1.3.0 L1
4.12 Lock historical users	Unix	CIS IBM AIX 7.2 L1 v1.0.0
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 10.14 v2.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 11.0 Big Sur v3.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 12.0 Monterey v2.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 13.0 Ventura v1.0.0 L1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.4.1.4 Ensure inactive password lock is 30 days or less - users	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVE	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVE	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVE	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
5.4.1.5 Ensure inactive password lock is 30 days or less - INACTIVE	Unix	CIS SUSE Linux Enterprise Server 12 L1 v3.1.0
5.4.1.5 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
5.4.1.5 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
5.4.1.5 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise Server 12 L1 v3.1.0
5.4.1.5 Ensure inactive password lock is 30 days or less - users	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS Oracle Linux 7 Server L1 v3.1.1
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS Red Hat EL7 Server L1 v3.1.1
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS CentOS 7 v3.1.2 Server L1
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS Oracle Linux 7 Workstation L1 v3.1.1
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS CentOS 7 v3.1.2 Workstation L1
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	Unix	CIS Red Hat EL7 Workstation L1 v3.1.1
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Red Hat 6 Workstation L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS CentOS 6 Server L1 v3.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Oracle Linux 6 Workstation L1 v2.0.0
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Amazon Linux 2 v2.0.0 L1
5.5.1.4 Ensure inactive password lock is 30 days or less - useradd	Unix	CIS Red Hat 6 Server L1 v3.0.0
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
20.44 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.44 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0