Benefits:
Reduced Attack Surface: By eliminating inactive accounts, you minimize the number of potential entry points for attackers. Dormant accounts are attractive targets as they may go unnoticed if compromised.
Enhanced Accountability: This control enforces accountability by ensuring users are actively using their assigned accounts. This reduces the risk of unauthorized access due to forgotten or misused credentials.
Improved Security Posture: Disabling inactive accounts reduces the pool of dormant accounts an attacker could take over. This strengthens your overall security posture by limiting both the likelihood and the potential impact of a successful attack.
Accountability:
Senior Management: Sets the security tone by prioritizing control implementation. They ensure adequate resources and budget allocation for IT security and user provisioning processes.
IT Security Team: Implements technical controls to identify inactive accounts and automates their disabling after a pre-defined period. They also define and update policies for account activity thresholds and disablement procedures.
System Owners: Understand the criticality of their systems and data. They assist in defining risk-based thresholds for inactivity based on system access needs. They also participate in reviewing account activity reports and escalation procedures for disabled accounts needing reactivation.
Individual Users: Take responsibility for account security by practicing good password hygiene and avoiding account sharing. They should notify IT of any prolonged periods of inactivity to prevent accidental disablement.
Implementation:
Automated Disabling: Configure your identity systems to disable user accounts automatically after a predefined period of inactivity. The length of this period should be determined by your organization's risk tolerance.
Defined Inactivity Period: Establish a policy outlining the inactivity threshold for account disabling. Higher risk environments may require shorter inactivity periods for stricter control.
User Notification: Implement mechanisms to notify users before their accounts are disabled. This provides them with an opportunity to reactivate the account if it's still needed.
Regular Review: Regularly assess disabled accounts to ensure legitimate access isn't impeded. This may involve procedures for reactivating accounts upon user request.