AC-02(03) Disable Accounts
Disable accounts within ac-02.03_odp.01 when the accounts:
(a) Have expired;
(b) Are no longer associated with a user or individual;
(c) Are in violation of organizational policy; or
(d) Have been inactive for ac-02.03_odp.02.
| Parameter ID | Definition |
|---|---|
| ac-02.03_odp.01 | time period |
| ac-02.03_odp.02 | time period |
Baselines
- L
- M
- H
- P
Guidance
Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.