STIGhub

AC-2 (3)

Access Control | Rev 5 | system

Account Management

Baselines: Moderate, High

Control Statement

Disable accounts within [Assignment: time period] when the accounts:

Supplemental Guidance

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.

CCI Identifiers (5)

CCI-000017: Disable accounts when the accounts have been inactive for the organization-defined time-period.
CCI-000217: Defines a time period after which inactive accounts are automatically disabled.
CCI-003627: Disable accounts when the accounts have expired.
CCI-003628: Disable accounts when the accounts are no longer associated to a user.
CCI-003629: Disable accounts when the accounts are in violation of organizational policy.

Linked STIG Checks (97)

Across 71 STIGs.