Disable accounts within [Assignment: organization-defined time period] when the accounts:
(a) Have expired;
(b) Are no longer associated with a user or individual;
(c) Are in violation of organizational policy; or
(d) Have been inactive for [Assignment: organization-defined time period].
| Control Identifier | AC-2(3) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system. |
| Related Controls | None. |