STIGhub

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-000017

Definition

Disable accounts when the accounts have been inactive for the organization-defined time-period.

Parent Control

AC-2 (3), Account Management, Access Control

Linked STIG Checks (27)

| Vuln ID | Severity | Requirement | Source STIG / SRG |
|---|---|---|---|
| V-204639 | CAT II | AAA Services must be configured to automatically disable accounts after a 35-day period of account inactivity. | AAA Services Security Requirements Guide |
| V-222411 | CAT III | The application must automatically disable accounts after a 35 day period of account inactivity. | Application Security and Development Security Technical Implementation Guide |
| V-222412 | CAT II | Unnecessary application accounts must be disabled, or deleted. | Application Security and Development Security Technical Implementation Guide |
| V-237321 | CAT I | The ArcGIS Server must use Windows authentication for supporting account management functions. | ArcGIS for Server 10.3 Security Technical Implementation Guide |
| V-272627 | CAT III | CylanceON-PREM must be configured to use a third-party identity provider. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide |
| V-256842 | CAT II | Compliance Guardian must provide automated mechanisms for supporting account management functions. | AvePoint Compliance Guardian Security Technical Implementation Guide |
| V-276012 | CAT I | Ax-OS must have no local accounts for the user interface. | Axonius Federal Systems Ax-OS Security Technical Implementation Guide |
| V-233021 | CAT II | The container platform must automatically disable accounts after a 35-day period of account inactivity. | Container Platform Security Requirements Guide |
| V-270910 | CAT II | Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes. | Dragos Platform 2.x Security Technical Implementation Guide |
| V-259987 | CAT II | The Enterprise Voice, Video, and Messaging Session Manager must automatically disable user accounts after a 35-day period of account inactivity. | Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide |
| V-228980 | CAT II | The BIG-IP appliance must automatically disable accounts after a 35-day period of account inactivity. | F5 BIG-IP Device Management Security Technical Implementation Guide |
| V-230161 | CAT III | The HP FlexFabric Switch must automatically disable accounts after a 35-day period of account inactivity. | HP FlexFabric Switch NDM Security Technical Implementation Guide |
| V-255728 | CAT II | The MQ Appliance network device access must automatically disable accounts after a 35-day period of account inactivity. | IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide |
| V-241812 | CAT II | The Jamf Pro EMM must automatically disable accounts after a 35 day period of account inactivity (local accounts). | Jamf Pro v10.x EMM Security Technical Implementation Guide |
| V-205446 | CAT II | The Mainframe Product must automatically disable accounts after 35 days of account inactivity. | Mainframe Product Security Requirements Guide |
| V-270204 | CAT II | Microsoft Entra ID must automatically disable accounts after a 35-day period of account inactivity. | Microsoft Entra ID Security Technical Implementation Guide |
| V-260909 | CAT II | MKE must be configured to integrate with an Enterprise Identity Provider. | Mirantis Kubernetes Engine Security Technical Implementation Guide |
| V-273188 | CAT II | Okta must automatically disable accounts after a 35-day period of account inactivity. | Okta Identity as a Service (IDaaS) Security Technical Implementation Guide |
| V-253523 | CAT II | Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide |
| V-257543 | CAT I | OpenShift must use FIPS validated LDAP or OpenIDConnect. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide |
| V-918 | CAT II | Accounts must be locked upon 35 days of inactivity. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide |
| V-225655 | CAT II | The Samsung SDS EMM must automatically disable accounts after a 35 day period of account inactivity (local accounts). | Samsung SDS EMM Security Technical Implementation Guide |
| V-216344 | CAT II | User accounts must be locked after 35 days of inactivity. | Solaris 11 SPARC Security Technical Implementation Guide |
| V-216109 | CAT II | User accounts must be locked after 35 days of inactivity. | Solaris 11 X86 Security Technical Implementation Guide |
| V-234288 | CAT II | The UEM server must automatically disable accounts after a 35-day period of account inactivity. | Unified Endpoint Management Server Security Requirements Guide |
| V-207340 | CAT II | The VMM must automatically disable local accounts after a 35-day period of account inactivity. | Virtual Machine Manager Security Requirements Guide |
| V-269574 | CAT I | Xylok Security Suite must use a centralized user management solution. | Xylok Security Suite 20.x Security Technical Implementation Guide |