034 – Manage user accounts

Summary

The system must allow superusers or system administrators to disable user accounts.

Description

This is a security measure designed to provide administrators with the capability to deactivate or disable user accounts within a system. This control is crucial for maintaining the security and integrity of the system and its data.

Supported In

Advanced: True

References

• CIS-6_2. Establish an access revoking process
• HIPAA-164_308_a_3_ii_A. Authorization or supervision (addressable)
• NERCCIP-004-6_R5. Access revocation
• SOC2-CC6_2. Logical and physical access controls
• MITRE-M1018. User account management
• MITRE-M1026. Privileged account management
• HITRUST-01_c. Privilege management
• IEC62443-IAC-1_3. Account management
• IEC62443-CR-2_1-RE_3. Permission mapping to roles
• MVSP-4_2. Operational controls - Logical access
• OWASPSCP-5. Access control
• PCI-2_2_2. System components are configured and managed securely
• PCI-8_2_4. User identification for users and administrators are strictly managed
• SANS25-11. Missing authorization
• OWASPMASVS-AUTH-1. The app uses secure authentication and authorization protocols and follows the relevant best practices
• CWE25-862. Missing authorization

Last updated

2024/02/05