Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Enterprise Voice, Video, and Messaging Session Manager must automatically disable user accounts after a 35-day period of account inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259987 | SRG-NET-000004-VVSM-00101 | SV-259987r956074_rule | Medium |
| Description |
|---|
| Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Enterprise Voice, Video, and Messaging Session Managers must track periods of user inactivity and disable accounts after 35 days of inactivity. Such a process greatly reduces the risk that accounts will be misused, hijacked, or data compromised. DOD has determined that 35 days is the appropriate time period of inactivity for Inactive accounts. Therefore, systems with a per user paradigm of management would apply. |
| STIG | Date |
|---|---|
| Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide | 2024-03-11 |
Details
| Check Text ( C-63718r948926_chk ) |
|---|
| Verify the Enterprise Voice, Video, and Messaging Session Manager automatically disables Voice Video Endpoint user access after a 35-day period of account inactivity. This requirement refers to users rather than endpoints. If the Enterprise Voice, Video, and Messaging Session Manager does not automatically disable Voice Video Endpoint user access after a 35-day period of account inactivity, this is a finding. |
| Fix Text (F-63625r956074_fix) |
|---|
| Configure the Enterprise Voice, Video, and Messaging Session Manager to automatically disable Voice Video Endpoint user access after a 35-day period of account inactivity. |