zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-03 00:12:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/ac-2.3.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

2 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

ac-2.3 - [catalog] Disable Accounts

Control Statement

Disable accounts within time period when the accounts:

  • [a] Have expired;

  • [b] Are no longer associated with a user or individual;

  • [c] Are in violation of organizational policy; or

  • [d] Have been inactive for time period.

Control guidance

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.

Control assessment-objective

accounts are disabled within time period when the accounts have expired; accounts are disabled within time period when the accounts are no longer associated with a user or individual; accounts are disabled within time period when the accounts are in violation of organizational policy; accounts are disabled within time period when the accounts have been inactive for time period.

What is the solution and how is it implemented?

Implementation (a)

Add control implementation description here for item ac-2.3_smt.a

Implementation (b)

Add control implementation description here for item ac-2.3_smt.b

Implementation (c)

Add control implementation description here for item ac-2.3_smt.c

Implementation (d)

Add control implementation description here for item ac-2.3_smt.d