Catalina - Automatically Remove or Disable Temporary User Accounts within 72 Hours

Details

The macOS is able to be configured to set an automated termination for 72 hours or less for all temporary accounts upon account creation.



If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be targeted by attackers to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts _MUST_ be set to 72 hours (or less) when the temporary account is created.



If no policy is enforced by a directory service, a password policy can be set with the "pwpolicy" utility. The variable names may vary depending on how the policy was set.



If there are no temporary accounts defined on the system, this is Not Applicable.


Solution

The technology inherently meets this requirement. No fix is required.


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.


References


Source