Information
If a user will not be using their account for some time, or if there is any suspicion that an account might be under attack, disabling (locking) the account reduces the risk of attack or inappropriate account usage. Once the account is ready to resume use, it can easily be re-enabled.
Rationale:
Only accounts that are actually in use should be active.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To lock accounts - example:
ALTER USER 'jeffrey'@'localhost' ACCOUNT LOCK;
To unlock accounts - example:
ALTER USER 'jeffrey'@'localhost' ACCOUNT UNLOCK;
Note: ACCOUNT LOCK works with CREATE USER as well. It is good practice to lock an account if it is created ahead of the time it will be used.
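An added example (not part of the benchmark text) of applying this control on MySQL 5.7.6 or later: a service account is created locked ahead of time, the lock is verified from mysql.user, and an audit query lists every account that is still unlocked so it can be reviewed against the rationale above. The account name, host pattern and password are constructed placeholders.

```sql
-- Constructed example: create a service account ahead of time, locked,
-- so it cannot be used until its owner is ready to enable it.
CREATE USER 'reporting_svc'@'10.0.0.%'
  IDENTIFIED BY '<strong-password-placeholder>'
  ACCOUNT LOCK;

-- Verify the lock took effect. mysql.user.account_locked is 'Y' for a
-- locked account; the column exists from MySQL 5.7.6 onward.
SELECT user, host, account_locked
FROM mysql.user
WHERE user = 'reporting_svc' AND host = '10.0.0.%';

-- SHOW CREATE USER also reports the lock state in the generated DDL.
SHOW CREATE USER 'reporting_svc'@'10.0.0.%';

-- Audit query for the benchmark: list every account that is still
-- unlocked. Each row should be a known, active account; anything
-- dormant or unrecognised is a candidate for ACCOUNT LOCK.
SELECT user, host
FROM mysql.user
WHERE account_locked = 'N'
ORDER BY user, host;

-- Lock a dormant account found by the audit, and unlock it only when
-- it is actually needed again. A login attempt against a locked
-- account is refused with "Access denied ... Account is locked."
ALTER USER 'reporting_svc'@'10.0.0.%' ACCOUNT LOCK;
ALTER USER 'reporting_svc'@'10.0.0.%' ACCOUNT UNLOCK;
```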
Default Value:
Accounts are unlocked by default.