Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

IG – Audit Finds Inactive Accounts Within the Department of State’s Active Directory

OIG, U.S. Department of State, Management Assistance Report: Inactive Accounts Within the Department of State’s Active Directory, AUD-IT-16-37, Office of Audits. June 2016.

“According to the National Institute of Standards and Technology, inactive accounts should be automatically disabled after a defined period of time. The Foreign Affairs Handbook states that Department officials must disable inactive accounts after 90 days. Williams Adley [an independent public accounting firm] determined that the Department was not disabling inactive domestic AD accounts after 90 days in accordance with the Department’s internal policy. Specifically, Williams Adley found that 2,601 (6 .4 percent) of 40,794 domestic accounts were inactive for more than 90 days and had not been disabled in AD. Of the 2,601 inactive accounts, 1,932 (74 percent) accounts were inactive for more than 1 year , and the remaining 669 accounts were inactive for greater than 90 days, but less than or equal to 365 days…”

Sorry, comments are closed for this post.