IA.L2-3.5.6 Identifier Handling
Disable identifiers after a defined period of inactivity.
Source: NIST SP 800-171 Rev 2 3.5.6
Discussion: Inactive identifiers pose a risk to organizational information because attackers may exploit an inactive identifier to gain undetected access to organizational devices. The owners of the inactive accounts may not notice if unauthorized access to the account has been obtained.
SPRS Score: 1