
The IDPS must automatically disable inactive accounts after an organizationally defined time period of inactivity.


Overview

Finding ID: SRG-NET-000004-IDPS-000024
Version: SRG-NET-000004-IDPS-000024
Rule ID: SRG-NET-000004-IDPS-000024_rule
IA Controls:
Severity: Low
Description
Inactive accounts are a standing risk: an unauthorized user who compromises one could gain full control of the device, and from there launch a denial of service (DoS) attack, intercept sensitive information, or disrupt network availability. Because no legitimate user is watching the account, an attacker who exploits it can potentially obtain and maintain undetected access to the application. The IDPS must therefore track periods of user inactivity and disable application accounts after an organizationally defined period of inactivity. Such a process greatly reduces the risk that accounts will be misused or hijacked, or that data will be compromised. To address the multitude of policy-based access requirements, many network administrators choose to integrate the IDPS with enterprise-level authentication/access mechanisms that meet or exceed the access control policy requirements. Such integration allows the network administrator to off-load those access control functions and focus on core application features and functionality.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43142_chk)
Verify the IDPS has a setting for an account inactivity period.
Navigate to the account policy configuration screen, or check the setting on several individual accounts.

If any enabled account has not been logged into within the organizationally defined period, this is a finding.
Fix Text (F-43142_fix)
Configure the organizationally defined inactivity period as the default for existing and newly created accounts.
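The check and fix above can be rehearsed offline against an account export. The script below is an added example, not part of the SRG or of any IDPS product: the record fields (name, enabled flag, creation time, last login), the 35-day period and the sample accounts are all assumptions constructed for illustration. It flags every enabled account whose last activity is older than the period, measuring never-used accounts from their creation time so that an account that was provisioned but never logged into cannot escape the check, and then applies the fix by disabling what it flagged.

```python
"""
Added example (not from the STIG page or any IDPS vendor): audit an account
export against an organizationally defined inactivity period, then disable
the accounts that fail. Record format and values are constructed assumptions.
"""
from datetime import datetime, timedelta, timezone

# Organizationally defined inactivity period. The SRG leaves the number to the
# organization; 35 days is an assumed value for this example only.
INACTIVITY_DAYS = 35

# Constructed sample export (hypothetical field names). "last_login" is None
# for an account that has never logged in.
SAMPLE_ACCOUNTS = [
    {"name": "ids-admin",   "enabled": True,  "created": "2012-01-02T09:00:00Z", "last_login": "2012-03-07T08:15:00Z"},
    {"name": "svc-backup",  "enabled": True,  "created": "2011-11-20T00:00:00Z", "last_login": "2011-12-30T22:10:00Z"},
    {"name": "contractor1", "enabled": True,  "created": "2011-12-01T00:00:00Z", "last_login": None},
    {"name": "old-analyst", "enabled": False, "created": "2011-06-01T00:00:00Z", "last_login": "2011-08-01T12:00:00Z"},
    {"name": "new-hire",    "enabled": True,  "created": "2012-03-01T00:00:00Z", "last_login": None},
]


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp ('...Z') into an aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_inactive_accounts(accounts, now, inactivity_days=INACTIVITY_DAYS):
    """Return the names of enabled accounts whose last activity is older than
    the inactivity period. Disabled accounts are skipped (already compliant).
    An account that has never logged in is measured from its creation time."""
    cutoff = now - timedelta(days=inactivity_days)
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        last_activity = acct["last_login"] or acct["created"]
        if parse_ts(last_activity) < cutoff:
            findings.append(acct["name"])
    return findings


def disable_inactive(accounts, now, inactivity_days=INACTIVITY_DAYS):
    """Apply the fix: return a copy of the export with every flagged account
    marked disabled. A real IDPS does this through its account-policy setting."""
    flagged = set(find_inactive_accounts(accounts, now, inactivity_days))
    return [dict(a, enabled=a["enabled"] and a["name"] not in flagged) for a in accounts]


if __name__ == "__main__":
    # Audit as of the SRG publication date used on this page.
    now = parse_ts("2012-03-08T00:00:00Z")
    for name in find_inactive_accounts(SAMPLE_ACCOUNTS, now):
        print(f"FINDING: enabled account {name!r} inactive for more than {INACTIVITY_DAYS} days")
    remaining = [a["name"] for a in disable_inactive(SAMPLE_ACCOUNTS, now) if a["enabled"]]
    print("enabled after fix:", remaining)
```

Run against the constructed export as of 2012-03-08, the audit flags `svc-backup` (last login in December 2011) and `contractor1` (never logged in, created in December 2011), leaves the already-disabled `old-analyst` alone, and keeps `new-hire`, whose account is only a week old. Re-running the audit on the output of `disable_inactive` returns no findings, which is the state the check text requires.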