The operating system must manage information system identifiers for users and devices by disabling the user identifier after an organization defined time period of inactivity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33098	SRG-OS-000118-NA	SV-43496r1_rule		Medium

Description
Inactive user accounts pose a risk to systems and applications. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account, whose identifier would never be disabled. Some mobile operating systems also assign identifiers to applications, in which case there is a similar need for persistence regardless of usage patterns.

Description

Inactive user accounts pose a risk to systems and applications. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account, whose identifier would never be disabled. Some mobile operating systems also assign identifiers to applications, in which case there is a similar need for persistence regardless of usage patterns.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-04-12

Details

Check Text ( C-41357r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-36998r1_fix)
The requirement is NA. No fix is required.