1.3.1 Ensure inactive users are reviewed and removed periodically

ID

cis_sscs/inactive_users

Severity

low

Category

source_code/code_changes

Levels

Optional

false

Tags

maintenance, security, slsa-4, supply-chain

Description

Ensure inactive users are reviewed and removed periodically. This checkpoint lets you configure, through the inactiveDays property, how many days without activity a user account may accumulate before it is considered inactive and should be removed.

Rationale

User accounts that have been inactive for a long period of time enlarge the attack surface. Inactive accounts with high-level privileges are of particular concern: they are attractive targets for attackers, and a successful takeover could give access to large portions of an organization. It is recommended to remove them as soon as possible to prevent this.

Verification

For each repository in use, verify that all user accounts with access are active, that is, have shown activity within the configured inactiveDays period.

Remediation

For each repository in use, review inactive user accounts (for example, members who have left the organization) and remove them.
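One way to carry out the verification and remediation review above, as an added example that is not part of the CIS checkpoint text or any scanning tool's own code: the script below applies an inactiveDays threshold to a list of repository members and returns the accounts to review, privileged accounts first. The member records, logins and the evaluation time are constructed for the example; in practice they would be pulled from the code-hosting platform's membership and activity (audit log or events) APIs, which this example assumes but does not call.

```python
"""Flag repository accounts idle longer than a configurable inactiveDays threshold.

Added example for the CIS SSCS inactive-users checkpoint. Member data is
constructed inline; a real run would obtain it from the platform's API.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Member:
    login: str
    role: str                      # e.g. "admin" or "member"
    last_activity: Optional[str]   # ISO-8601 UTC timestamp, or None if no activity was ever recorded


# Constructed sample data for one repository (hypothetical logins, not real accounts).
SAMPLE_MEMBERS = [
    Member("alice", "admin", "2024-05-20T09:00:00Z"),
    Member("bob", "member", "2024-01-02T12:30:00Z"),
    Member("carol", "admin", "2023-11-15T08:00:00Z"),
    Member("dave", "member", None),
    Member("erin", "member", "2024-05-29T23:59:00Z"),
]

# Constructed evaluation time, fixed so the review is reproducible.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp into an aware UTC datetime.

    datetime.fromisoformat() before Python 3.11 rejects a trailing "Z", so
    normalise it to an explicit "+00:00" offset first.
    """
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def find_inactive_members(
    members: list[Member], inactive_days: int, now: datetime
) -> list[tuple[Member, Optional[int]]]:
    """Return (member, days_inactive) for accounts idle longer than inactive_days.

    Accounts with no recorded activity at all are included with days_inactive=None:
    an account that was never used is still a standing credential and belongs in
    the review. Results are ordered admins first, then never-active accounts,
    then by longest inactivity, so the highest-risk entries are at the top.
    """
    if inactive_days <= 0:
        raise ValueError("inactive_days must be a positive number of days")
    cutoff = now - timedelta(days=inactive_days)

    flagged: list[tuple[Member, Optional[int]]] = []
    for m in members:
        if m.last_activity is None:
            flagged.append((m, None))
            continue
        last = parse_utc(m.last_activity)
        if last < cutoff:
            flagged.append((m, (now - last).days))

    def sort_key(item: tuple[Member, Optional[int]]):
        m, days = item
        return (0 if m.role == "admin" else 1, 0 if days is None else 1, -(days or 0))

    flagged.sort(key=sort_key)
    return flagged


def format_report(flagged: list[tuple[Member, Optional[int]]], inactive_days: int) -> list[str]:
    """Render one line per flagged account, suitable as evidence for the review."""
    lines = [f"accounts inactive for more than {inactive_days} days: {len(flagged)}"]
    for m, days in flagged:
        idle = "never active" if days is None else f"{days} days idle"
        lines.append(f"  {m.login:<10} role={m.role:<7} {idle}")
    return lines


if __name__ == "__main__":
    result = find_inactive_members(SAMPLE_MEMBERS, inactive_days=90, now=SAMPLE_NOW)
    print("\n".join(format_report(result, 90)))
```

Run it as-is to see the sample review, or replace SAMPLE_MEMBERS with records built from your platform's API and set now to datetime.now(timezone.utc). Accounts with no recorded activity are reported separately rather than silently skipped, because "no activity" usually means an invitation was accepted and never used, which is exactly the kind of account this checkpoint targets.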