{"description": "Implement an automated system for managing user accounts that minimizes the\nrisk of errors, either intentional or deliberate. This system\nshould integrate with an existing enterprise user management system, such as\none based on Identity Management tools such as Active Directory, Kerberos,\nDirectory Server, etc.", "rationale": "A comprehensive account management process that includes automation helps to\nensure the accounts designated as requiring attention are consistently and\npromptly addressed. Enterprise environments make user account management\nchallenging and complex. A user management process requiring administrators to\nmanually address account management functions adds risk of potential\noversight.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the system is not using a centralized authentication mechanism, or it is not automated", "ocil": "Verify that the system is integrated with a centralized authentication mechanism\nsuch as as Active Directory, Kerberos, Directory Server, etc. that has\nautomated account mechanisms in place.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Use Centralized and Automated Authentication", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_use_centralized_automated_auth/rule.yml", "template": null}