Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The option to disable user accounts after 30 days of inactivity is not being used.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7959 | DSN13.04 | SV-8445r1_rule | ECSC-1 IAIA-1 IAIA-2 | Low |
| Description |
|---|
| Requirement: The IAO will ensure that user accounts are disabled after 30 days of inactivity. User accounts that are inactive for more than 30 days should be disabled by the system. Outdated or unused user accounts provide penetration points that may go undetected. Deleting or disabling these types of accounts will help to prevent unauthorized users from gaining access to the DSN system by using an old account that is not needed. |
| STIG | Date |
|---|---|
| Defense Switched Network (DSN) STIG | 2015-08-11 |
Details
| Check Text ( C-4130r1_chk ) |
|---|
| Tekelec: rtrv-secu-dflt; UOUT=30 |
| Fix Text (F-7534r1_fix) |
|---|
| Configure systems to disable accounts that are inactive for more than 30 days, if technically feasible. If the system does not provide this functionality, the ISSO/IAO should review accounts every 30 days to ensure that only needed accounts are active. |