1.8 Ensure Deny access to unused accounts is selected

Information

Deny access to unused accounts. If there has been no successful login attempt in a set period of time, the user is locked out and cannot log in.

Rationale:

User accounts that have been unused for over a given period of time can be automatically disabled. Unused accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies

Solution

Run the following command to set the deny-on-nonuse setting.
CLI:

Hostname>set password-controls deny-on-nonuse enable on

GUI:

Navigate to User Management > Password Policy > Deny access to unused accounts:
Checked the 'Deny access to unused accounts' setting.

Default Value:

Not Selected

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2f.

Plugin: CheckPoint

Control ID: e3a64042b1eadf740482aa4280489a687129080a44e6e35d15994c74441502d6