AC-02(03) Disable Accounts

Disable accounts within ac-02.03_odp.01 when the accounts:

(a) Have expired;

(b) Are no longer associated with a user or individual;

(c) Are in violation of organizational policy; or

(d) Have been inactive for ac-02.03_odp.02.

Parameter ID       Definition
ac-02.03_odp.01    time period
ac-02.03_odp.02    time period

Baselines

Guidance

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.
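
One way to check an account inventory against conditions (a) through (d), shown as an added example that is not part of the control catalog. The record fields, the sample accounts, and the 24-hour and 90-day values chosen for the two time-period parameters are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

DISABLE_WITHIN = timedelta(hours=24)   # ac-02.03_odp.01, assumed value
MAX_INACTIVITY = timedelta(days=90)    # ac-02.03_odp.02, assumed value

@dataclass
class Account:  # hypothetical inventory record, not a real directory schema
    name: str
    created: datetime
    last_login: Optional[datetime] = None
    expires: Optional[datetime] = None
    owner_left_at: Optional[datetime] = None   # owner removed from HR/identity source
    violation_at: Optional[datetime] = None    # policy violation recorded
    enabled: bool = True

def review(acct, now):
    """Return (condition, triggered_at, disable_by) for each condition (a)-(d) met."""
    hits = []
    for cond, when in (("a", acct.expires), ("b", acct.owner_left_at), ("c", acct.violation_at)):
        if when and when <= now:
            hits.append((cond, when))
    last_seen = acct.last_login or acct.created  # never-used accounts age from creation
    if now - last_seen >= MAX_INACTIVITY:
        hits.append(("d", last_seen + MAX_INACTIVITY))
    return [(c, t, t + DISABLE_WITHIN) for c, t in hits]

def overdue(accounts, now):
    """Map each still-enabled account past its earliest deadline to the conditions met."""
    late = {}
    for acct in accounts:
        hits = review(acct, now)
        if acct.enabled and hits and min(d for _, _, d in hits) < now:
            late[acct.name] = [c for c, _, _ in hits]
    return late

def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)

NOW = utc(2024, 6, 1)  # fixed review time so the constructed sample is reproducible
SAMPLE = [  # constructed records
    Account("alice", utc(2023, 1, 1), last_login=utc(2024, 5, 30)),
    Account("contractor", utc(2024, 1, 1), last_login=utc(2024, 5, 14), expires=utc(2024, 5, 15)),
    Account("svc_old", utc(2023, 6, 1), owner_left_at=utc(2024, 5, 31, 12)),
    Account("bob", utc(2023, 1, 1), last_login=utc(2024, 5, 31), violation_at=utc(2024, 5, 31, 18)),
]
```

In the sample, bob meets condition (c) but is still inside the assumed disable window, so `review` reports him while `overdue` does not.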