144 – Remove inactive accounts periodically

Summary

The organization must remove inactive user accounts periodically (purging).

Description

Inactive user accounts that remain in the system can be a security risk. If these accounts have not been properly deactivated or removed, they may become a target for unauthorized access or exploitation by malicious actors.

Supported In

Advanced: True

References

• CIS-5_3. Disable dormant accounts
• NIST80053-AC-2_3. Disable accounts
• NIST80053-AC-2_10. Shared and group account credential change
• NIST80053-AC-2_13. Disable accounts for high-risk individuals
• SOC2-CC6_5. Logical and physical access controls
• CMMC-AC_L2-3_1_10. Session lock
• CMMC-IA_L2-3_5_6. Identifier handling
• FEDRAMP-AC-2_3. Account management - Disable inactive accounts
• ISSAF-Q_16_20. Host security - Windows security (local attacks)
• ISSAF-U_9. Web application SQL injections - Bypass user authentication
• OWASPRISKS-P6. Insufficient deletion of personal data
• OWASPSCP-5. Access control
• C2M2-4_1_c. Establish identities and manage authentication
• C2M2-4_1_f. Establish identities and manage authentication
• C2M2-4_1_j. Establish identities and manage authentication
• PCI-2_2_2. System components are configured and managed securely
• PCI-8_2_6. Inactive user accounts are removed within 90 days of inactivity
• SIG-H_2_3. Access control
• FISMA-AC-2_3. Disable accounts
• FISMA-AC-2_10. Shared and group account credential change
• FISMA-AC-2_13. Disable accounts for high-risk individuals

Weaknesses

• 114 – Phishing

Last updated

2024/01/18