Skip to main content
govconCyber — Federal Cybersecurity Law Reference
Back to results
NIST 800-171 R-3.5.6

Disable Inactive Identifiers

Official citation: 3.5.6

Class: core · Severity: medium

Statement of the obligation — verify against source

3.5.6

What it means

Disable identifiers after a defined period of inactivity. Dormant accounts are an easy target: an attacker can exploit one to gain access that the inactive owner is unlikely to notice.

Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.