5.3: Disable Dormant Accounts

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:


Info icon.

Incorporates the following controls from the previous version of the control set: 16.8: Disable Any Unassociated Accounts, 16.9: Disable Dormant Accounts, 16.10: Ensure All Accounts Have An Expiration Date.

Control Statement

Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]