AC-02(03)—Account Management | Disable Accounts
Moderate
>Control Description
Disable accounts within [Assignment: organization-defined time period] when the accounts:
(a) Have expired;
(b) Are no longer associated with a user or individual;
(c) Are in violation of organizational policy; or
(d) Have been inactive for [Assignment: organization-defined time period].
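The four criteria above, plus the outer "disable within a time period" clock, are easy to implement inconsistently: a never-logged-in account has no last-login timestamp, and the deadline for disabling depends on when each criterion was first met, not on when the report runs. The following is an added example (not part of NIST SP 800-53 or this page); it evaluates a set of constructed account records against all four criteria and reports, per triggered criterion, when the disable deadline falls and whether it has already been missed. The 90-day inactivity period and 7-day disable window are hypothetical values standing in for the two organization-defined parameters.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Hypothetical values for the two organization-defined parameters in AC-2(3).
DISABLE_WINDOW = timedelta(days=7)       # "disable within ... time period"
INACTIVITY_PERIOD = timedelta(days=90)   # criterion (d)


def utc(y: int, m: int, d: int) -> datetime:
    """Build a timezone-aware UTC timestamp; mixing naive and aware datetimes
    would raise TypeError in the comparisons below, so everything is aware."""
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass
class Account:
    name: str
    created_at: datetime
    expires_at: Optional[datetime] = None        # None: no expiry set
    last_login: Optional[datetime] = None        # None: never logged in
    owner_removed_at: Optional[datetime] = None  # None: still tied to a user (b)
    violation_at: Optional[datetime] = None      # None: no policy violation (c)


def disable_findings(accounts: List[Account], now: datetime,
                     inactivity_period: timedelta = INACTIVITY_PERIOD,
                     disable_window: timedelta = DISABLE_WINDOW) -> Dict[str, List[dict]]:
    """Return {account name: [finding, ...]} for accounts that must be disabled.

    Each finding records which criterion fired, when it fired, the deadline
    (trigger + disable window) and whether that deadline has already passed.
    """
    findings: Dict[str, List[dict]] = {}
    for a in accounts:
        triggers = []  # (reason, moment the criterion was first met)
        if a.expires_at is not None and a.expires_at <= now:            # (a)
            triggers.append(("expired", a.expires_at))
        if a.owner_removed_at is not None:                             # (b)
            triggers.append(("no_associated_user", a.owner_removed_at))
        if a.violation_at is not None:                                 # (c)
            triggers.append(("policy_violation", a.violation_at))
        # (d): an account that never logged in is measured from its creation,
        # otherwise it would never count as inactive at all.
        last_activity = a.last_login if a.last_login is not None else a.created_at
        inactive_since = last_activity + inactivity_period
        if inactive_since <= now:
            triggers.append(("inactive", inactive_since))
        if triggers:
            findings[a.name] = [
                {"reason": reason, "triggered_at": t,
                 "deadline": t + disable_window,
                 "overdue": now > t + disable_window}
                for reason, t in triggers
            ]
    return findings


# Constructed sample data for the example; the report is run as of 2024-06-01.
NOW = utc(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("svc-backup", utc(2023, 1, 1), expires_at=utc(2024, 5, 20), last_login=utc(2024, 5, 30)),
    Account("jdoe", utc(2023, 1, 1), last_login=utc(2024, 2, 15)),
    Account("ghost", utc(2024, 1, 1)),                                  # never logged in
    Account("contractor", utc(2023, 6, 1), last_login=utc(2024, 5, 20), owner_removed_at=utc(2024, 5, 29)),
    Account("newhire", utc(2024, 5, 25)),                               # never logged in, but recent
    Account("active", utc(2023, 1, 1), last_login=utc(2024, 5, 31)),
]

if __name__ == "__main__":
    for name, items in disable_findings(SAMPLE_ACCOUNTS, NOW).items():
        for f in items:
            status = "OVERDUE" if f["overdue"] else "due"
            print(f"{name}: {f['reason']} since {f['triggered_at']:%Y-%m-%d}, "
                  f"{status} by {f['deadline']:%Y-%m-%d}")
```

Run against the sample data, `svc-backup`, `jdoe` and `ghost` come back overdue (their deadlines fell before the report date), `contractor` is flagged but still inside its 7-day window, and `newhire` is correctly left alone even though it has no login history. Feeding real records in means mapping a directory export to `Account` and replacing the two constants with the organization's actual values.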
>Discussion
Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.
>Cross-Framework Mappings