The option to disable user accounts after 30 days of inactivity is not being used.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7959	DSN13.04	SV-8445r1_rule	ECSC-1 IAIA-1 IAIA-2	Low

Description
Requirement: The IAO will ensure that user accounts are disabled after 30 days of inactivity. User accounts that are inactive for more than 30 days should be disabled by the system. Outdated or unused user accounts provide penetration points that may go undetected. Deleting or disabling these types of accounts will help to prevent unauthorized users from gaining access to the DSN system by using an old account that is not needed.

Description

Requirement: The IAO will ensure that user accounts are disabled after 30 days of inactivity. User accounts that are inactive for more than 30 days should be disabled by the system. Outdated or unused user accounts provide penetration points that may go undetected. Deleting or disabling these types of accounts will help to prevent unauthorized users from gaining access to the DSN system by using an old account that is not needed.

STIG	Date
Defense Switched Network (DSN) STIG	2017-01-19

Details

Check Text ( C-4130r1_chk )
Tekelec: rtrv-secu-dflt; UOUT=30

Fix Text (F-7534r1_fix)
Configure systems to disable accounts that are inactive for more than 30 days, if technically feasible. If the system does not provide this functionality, the ISSO/IAO should review accounts every 30 days to ensure that only needed accounts are active.