The Voice Video Session Manager must automatically disable Voice Video endpoint user access after a 35 day period of account inactivity.

From Voice Video Session Management Security Requirements Guide

Associated with: CCI-000017

SV-76539r1_rule The Voice Video Session Manager must automatically disable Voice Video endpoint user access after a 35 day period of account inactivity.

Vulnerability discussion

Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Voice video session managers must track periods of user inactivity and disable accounts after 35 days of inactivity. Such a process greatly reduces the risk that accounts will be misused, hijacked, or data compromised.DoD has determined that 35 days is the appropriate time period of inactivity for Inactive accounts. Therefore, systems with a per user paradigm of management would apply.

Check content

Verify the Voice Video Session Manager automatically disables Voice Video endpoint user access after a 35 day period of account inactivity. This requirement refers to users rather than endpoints. If the Voice Video Session Manager does not automatically disable Voice Video endpoint user access after a 35 day period of account inactivity, this is a finding.

Fix text

Configure the Voice Video Session Manager too automatically disable Voice Video endpoint user access after a 35 day period of account inactivity.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.