Manage user accounts
Summary
The system must allow superusers or system administrators to disable user accounts.
Description
This is a security measure that gives administrators the capability to deactivate or disable user accounts within a system, so that a user's access can be revoked when it is no longer appropriate. This control is crucial for maintaining the security and integrity of the system and its data.
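As an added example (not code from the Fluid Attacks page or from any product), the following Python sketch shows the control in a minimal form: only an authenticated administrator can disable an account, and a disabled account is refused both at login and on every later request, with its live sessions revoked at the moment it is disabled. All names (User, AccountStore, demo) are hypothetical.

```python
from dataclasses import dataclass
import secrets

@dataclass
class User:
    username: str
    is_admin: bool = False
    enabled: bool = True  # cleared when an administrator disables the account

class AccountStore:  # hypothetical in-memory user and session store
    def __init__(self):
        self.users, self.sessions = {}, {}  # username -> User; token -> username
    def add_user(self, username, is_admin=False):
        self.users[username] = User(username, is_admin)
    def login(self, username):
        user = self.users.get(username)
        if user is None or not user.enabled:  # disabled: no new session
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = username
        return token
    def session_user(self, token):
        username = self.sessions.get(token)  # re-check enabled on every request
        if username is None or not self.users[username].enabled:
            self.sessions.pop(token, None)
            return None
        return self.users[username]
    def disable_user(self, actor_token, target):
        actor = self.session_user(actor_token)
        if actor is None or not actor.is_admin:  # authorization check
            raise PermissionError("only administrators may disable accounts")
        self.users[target].enabled = False
        for tok in [t for t, u in self.sessions.items() if u == target]:
            del self.sessions[tok]  # revoke live sessions so it takes effect now

def demo():
    store = AccountStore()
    store.add_user("admin", is_admin=True)
    store.add_user("alice")
    admin_tok, alice_tok = store.login("admin"), store.login("alice")
    try:
        store.disable_user(alice_tok, "admin")  # non-admin must be refused
        refused = False
    except PermissionError:
        refused = True
    store.disable_user(admin_tok, "alice")
    return {"non_admin_refused": refused,
            "old_session_valid": store.session_user(alice_tok) is not None,
            "relogin_allowed": store.login("alice") is not None}
```

The per-request check in session_user is the part most often missed: flipping a flag in the user table does nothing for a session that was issued before the account was disabled.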
References
- CIS-6_2. Establish an access revoking process
- HIPAA-164_308_a_3_ii_A. Authorization or supervision (addressable)
- NERCCIP-004-6_R5. Access revocation
- SOC2-CC6_2. Logical and physical access controls
- MITRE-M1018. User account management
- MITRE-M1026. Privileged account management
- HITRUST-01_c. Privilege management
- IEC62443-IAC-1_3. Account management
- IEC62443-CR-2_1-RE_3. Permission mapping to roles
- MVSP-4_2. Operational controls - Logical access
- OWASPSCP-5. Access control
- PCI-2_2_2. System components are configured and managed securely
- PCI-8_2_4. User identification for users and administrators are strictly managed
- SANS25-11. Missing authorization
- OWASPMASVS-AUTH-1. The app uses secure authentication and authorization protocols and follows the relevant best practices
- CWE25-862. Missing authorization
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan