3.5.6

  • Requirement

    Disable identifiers after a defined period of inactivity.

  • Discussion

    Inactive identifiers pose a risk to organizational information because attackers may exploit an inactive identifier to gain undetected access to organizational devices. The owners of the inactive accounts may not notice if unauthorized access to the account has been obtained.

More Info

  • Family

    Identification and Authentication
  • DoD Scoring Methodology Points

    1
  • Related CMMC ID

  • Related NIST 800-53 ID

    IA-4
  • Reference Documents

    • N/A

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!