Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported.

.. list-table::
  :header-rows: 1

  * - Asset Type
    - Security Function
    - Implementation Groups
  * - Users
    - Respond
    - 1, 2, 3
Dependencies
------------
- Safeguard 5.1: Establish and Maintain an Inventory of Accounts

Inputs
------
#. GV22: Inventory of accounts
#. Enterprise defined policy for dormant threshold
Assumptions
-----------
#. The list of accounts for the enterprise includes OS-level, database, internal and external application accounts.
#. A query interface is assumed to enable collection of a "last activity" timestamp, such as last logon, as well as a status indicating whether the account is enabled or disabled.
Operations
----------
1. Review Input 2 and note the dormant threshold in terms of days (M2).
2. For each account in GV22, query the interface and collect:

   - 2.1: The date of last activity for the account.
   - 2.2: Whether the account is enabled or disabled.
3. Using the output of Operation 2.1 and Input 2:

   - 3.1: Identify and enumerate accounts whose last activity is older than the dormant threshold (M3).
   - 3.2: Identify and enumerate accounts that are still within the dormant threshold (M4).
4. Using the output of Operation 2.2 and the dormant accounts from Operation 3.1 (M3):

   - 4.1: Identify and enumerate dormant accounts that have been disabled (M5).
   - 4.2: Identify and enumerate dormant accounts that are still enabled (M6).
Measures
--------
- M1 = Count of accounts in GV22
- M2 = Timeframe of dormant threshold in days
- M3 = Count of dormant accounts
- M4 = Count of active accounts
- M5 = Count of dormant accounts that have been disabled
- M6 = Count of dormant accounts still enabled
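The operations and measures above are mechanical enough to script. The following Python is an added example, not part of the CIS specification: it walks a constructed account inventory standing in for GV22, applies Operations 1 through 4 and returns M1 to M6 together with the list of enabled dormant accounts that need action. The ``Account`` record, the sample rows, the fixed "as of" date and the rule that an account with no recorded activity is aged from its creation date are assumptions of this example; the last of these matters in practice because a never-used account would otherwise have no last-activity date to compare and could silently pass as active.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional


@dataclass(frozen=True)
class Account:
    """One row of the account inventory (GV22) as the assumed query interface returns it."""
    name: str
    source: str                        # OS-level, database, or application account
    enabled: bool                      # Operation 2.2: enabled/disabled status
    created: datetime
    last_activity: Optional[datetime]  # Operation 2.1: last activity such as last logon; None = never used


# Fixed "as of" time and threshold so the results are reproducible.
AS_OF = datetime(2024, 6, 30, tzinfo=timezone.utc)
DORMANT_THRESHOLD_DAYS = 45  # M2: the safeguard's 45-day default (Input 2)


def _utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample inventory, not real data. Each row exercises one case.
GV22: List[Account] = [
    Account("alice",       "os",          True,  _utc(2023, 1, 10), _utc(2024, 6, 29)),  # active
    Account("bob",         "os",          True,  _utc(2023, 1, 10), _utc(2024, 3, 1)),   # dormant, still enabled
    Account("svc_backup",  "database",    False, _utc(2022, 5, 5),  _utc(2024, 1, 15)),  # dormant, already disabled
    Account("contractor7", "application", True,  _utc(2024, 1, 5),  None),               # never used, old: dormant
    Account("newhire",     "application", True,  _utc(2024, 6, 20), None),               # never used, new: not yet dormant
    Account("carol",       "os",          True,  _utc(2023, 3, 3),  _utc(2024, 5, 16)),  # exactly 45 days: not yet dormant
]


def is_dormant(acct: Account, as_of: datetime, threshold_days: int) -> bool:
    """Operation 3: dormant when the last activity is more than threshold_days before as_of.

    Assumption of this example: an account with no activity record at all is
    measured from its creation date, so a never-used account ages into dormancy
    instead of counting as active. Exactly threshold_days old is still within the threshold.
    """
    reference = acct.last_activity if acct.last_activity is not None else acct.created
    return (as_of - reference) > timedelta(days=threshold_days)


def measure(inventory: List[Account], as_of: datetime, threshold_days: int) -> Dict[str, Any]:
    """Operations 1 to 4: compute M1..M6 and name the accounts behind M6."""
    dormant = [a for a in inventory if is_dormant(a, as_of, threshold_days)]
    active = [a for a in inventory if not is_dormant(a, as_of, threshold_days)]
    return {
        "M1": len(inventory),                            # accounts in GV22
        "M2": threshold_days,                            # dormant threshold in days
        "M3": len(dormant),                              # dormant accounts
        "M4": len(active),                               # accounts still within the threshold
        "M5": sum(1 for a in dormant if not a.enabled),  # dormant and disabled
        "M6": sum(1 for a in dormant if a.enabled),      # dormant and still enabled: the remediation list
        "enabled_dormant": sorted(a.name for a in dormant if a.enabled),
    }


def metrics(m: Dict[str, Any]) -> Dict[str, float]:
    """Ratios over the measures, guarded against an empty inventory and zero dormant accounts."""
    return {
        "dormant_share": m["M3"] / m["M1"] if m["M1"] else 0.0,          # M3 / M1
        "enabled_dormant_share": m["M6"] / m["M3"] if m["M3"] else 0.0,  # M6 / M3
    }


if __name__ == "__main__":
    m = measure(GV22, AS_OF, DORMANT_THRESHOLD_DAYS)
    for key in ("M1", "M2", "M3", "M4", "M5", "M6"):
        print(f"{key} = {m[key]}")
    print("still enabled, needs action:", ", ".join(m["enabled_dormant"]))
    for name, value in metrics(m).items():
        print(f"{name} = {value:.1%}")
```

For a real inventory the rows would come from each account source (directory, database, application) and the "as of" time from the clock at collection; comparing timezone-aware datetimes, as above, avoids off-by-hours errors when sources report last logon in different zones.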
Metrics
-------

Dormant Accounts
^^^^^^^^^^^^^^^^
.. list-table::

  * - **Metric**
    - | The percentage of dormant accounts still included in the inventory.
  * - **Calculation**
    - :code:`M3 / M1`

Enabled Dormant Accounts
^^^^^^^^^^^^^^^^^^^^^^^^
.. list-table::

  * - **Metric**
    - | The percentage of dormant accounts still enabled.
  * - **Calculation**
    - :code:`M6 / M3`