CSCv7|16.9

Title

Disable Dormant Accounts

Description

Automatically disable dormant accounts after a set period of inactivity.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.1.3 Ensure known default accounts do not exist	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.8 Ensure that users who did not log in for 90 days are disabled	Snowflake	CIS Snowflake Foundations v1.0.0 L1
1.12 Ensure credentials unused for 45 days or more are disabled	amazon_aws	CIS Amazon Web Services Foundations v4.0.1 L1
2.7 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MariaDB 10.6 Database L2 v1.1.0
2.7 Lock Out Accounts if Not Currently in Use	Unix	CIS MariaDB 10.6 on Linux L2 v1.1.0
2.8 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.8 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0
2.11 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L2 Database
2.11 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS Oracle MySQL Community Server 8.4 v1.0.0 L2 Database
2.11 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS MySQL 8.0 Community Database L2 v1.1.0
2.11 Lock Out Accounts if Not Currently in Use	MySQLDB	CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
4.1.4 Ensure that default service accounts are not actively used	GCP	CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1
4.1.4 Ensure that default service accounts are not actively used	GCP	CIS Google Kubernetes Engine (GKE) v1.7.0 L1
4.2.4 maxexpired	Unix	CIS IBM AIX 7.1 L1 v2.1.0
4.8.5 Ensure administrative user accounts are locked	Unix	CIS IBM AIX 7 v1.0.0 L1
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.1.5 Ensure that default service accounts are not actively used.	Unix	CIS Kubernetes v1.10.0 L1 Master
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 12.0 Monterey v4.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 13.0 Ventura v3.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 14.0 Sonoma v2.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 15.0 Sequoia v1.0.0 L1
5.2.7 Ensure Password Age Is Configured	Unix	CIS Apple macOS 10.14 v2.0.0 L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
20.45 Ensure 'Outdated or unused accounts are removed or disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS

Detections

Analytics

CSCv7|16.9

Title

Description

Reference Item Details

Audit Items