UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must automatically disable accounts after a 35-day period of account inactivity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-55041 SRG-APP-000025-NDM-000207 SV-69287r1_rule Medium
Description
Since the accounts in the network device are privileged or system-level accounts, account management is vital to the security of the network device. Inactive accounts could be reactivated or compromised by unauthorized users, allowing exploitation of vulnerabilities and undetected access to the network device. This control does not include emergency administration accounts, which are meant for access to the network device components in case of network failure.
STIG Date
Network Device Management Security Requirements Guide 2015-06-26

Details

Check Text ( C-55663r1_chk )
Review the network device configuration to determine if it automatically disables accounts after 35 days of inactivity or is configured to use an authentication server which would perform this function. If accounts are not automatically disabled after 35 days of inactivity, this is a finding.
Fix Text (F-59907r1_fix)
Configure the network device or its associated authentication server to automatically disable accounts after 35 days of inactivity.