From 2ac6dd60c0acdbaec2e4c76d8077bae4453fd88a Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Mon, 5 Dec 2016 08:52:32 -0600
Subject: [PATCH] [Docs] Exception for removing unnecessary accounts

It isn't possible for automated tasks to determine which accounts are
unnecessary. Deployers must perform these audits manually.

Implements: blueprint security-rhel7-stig
Change-Id: I68984e72cfb2073a6b3bbe98cd935632c3be138f
---
 doc/metadata/rhel7/RHEL-07-020290.rst | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/doc/metadata/rhel7/RHEL-07-020290.rst b/doc/metadata/rhel7/RHEL-07-020290.rst
index f8042d90..eb39f549 100644
--- a/doc/metadata/rhel7/RHEL-07-020290.rst
+++ b/doc/metadata/rhel7/RHEL-07-020290.rst
@@ -1,7 +1,10 @@
 ---
 id: RHEL-07-020290
-status: not implemented
-tag: misc
+status: exception - manual intervention
+tag: auth
 ---
 
-This STIG requirement is not yet implemented.
+Deployers are strongly urged to review the list of user accounts on each server
+regularly. Evaluation of user accounts must be done on a case-by-case basis and
+the tasks in the security role are unable to determine which user accounts are
+valid.  Deployers must complete this work manually.