To comply with security policy after inventory, how should a company handle contractor user accounts?

Disabling contractor user accounts is a best practice in security policy compliance after they have completed their tasks. This approach effectively prevents any unauthorized access to sensitive systems and data, ensuring that contractors cannot log in to the network once their work is done. By disabling the accounts instead of deleting them, the company retains the account information for auditing and record-keeping purposes, should there be a need to review past access or for reactivation later if contracts are extended or renewed.

In this context, simply deleting the accounts would eliminate all historical data and access logs associated with those users, making it difficult to track past activities or re-establish access if necessary. Similarly, restricting the user accounts does not prevent login and could lead to potential security risks if contractors still have access to certain parts of the system. Resetting user accounts could inadvertently grant access if the contractors are given new credentials without further verification of their roles or status, which may not align with security policies. Disabling accounts strikes a balance, removing active access while keeping the information intact for future reference if needed.