STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (2) — Account Management

CCI-000016

Definition

Automatically remove or disable temporary and emergency accounts after an organization-defined time-period for each type of account.

Parent Control

AC-2 (2)Account ManagementAccess Control

Linked STIG Checks (50)

V-204637CAT IIAAA Services must be configured to automatically remove temporary user accounts after 72 hours.AAA Services Security Requirements Guide V-204638CAT IIAAA Services must be configured to automatically remove authorizations for temporary user accounts after 72 hours.AAA Services Security Requirements Guide V-274146CAT IIAmazon Linux 2023 must automatically remove or disable temporary user accounts after 72 hours.Amazon Linux 2023 Security Technical Implementation Guide V-268079CAT IINixOS emergency or temporary user accounts must be provisioned with an expiration time of 72 hours or less.Anduril NixOS Security Technical Implementation Guide V-252444CAT IIThe macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257150CAT IIThe macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259424CAT IIThe macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268426CAT IIThe macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277034CAT IIThe macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222409CAT IIThe application must automatically remove or disable temporary user accounts 72 hours after account creation.Application Security and Development Security Technical Implementation Guide V-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-219329CAT IIThe Ubuntu operating system must provision temporary user accounts with an expiration time of 72 hours or less.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238196CAT IIThe Ubuntu operating system must provision temporary user accounts with an expiration time of 72 hours or less.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260548CAT IIUbuntu 22.04 LTS must automatically expire temporary accounts within 72 hours.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270682CAT IIUbuntu 24.04 LTS must automatically remove or disable emergency accounts after 72 hours.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-269128CAT IIAlmaLinux OS 9 must automatically expire temporary accounts within 72 hours.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233020CAT IIThe container platform must automatically remove or disable temporary user accounts after 72 hours.Container Platform Security Requirements Guide V-228979CAT IIThe BIG-IP appliance must automatically remove or disable temporary user accounts after 72 hours.F5 BIG-IP Device Management Security Technical Implementation Guide V-203592CAT IIThe operating system must automatically remove or disable temporary user accounts after 72 hours.General Purpose Operating System Security Requirements Guide V-215170CAT IIAIX must automatically remove or disable temporary user accounts after 72 hours or sooner.IBM AIX 7.x Security Technical Implementation Guide V-223577CAT IIThe IBM z/OS system administrator (SA) must develop a procedure to automatically remove or disable temporary user accounts after 72 hours.IBM z/OS ACF2 Security Technical Implementation Guide V-223798CAT IIIBM z/OS system administrator must develop a procedure to remove or disable temporary user accounts after 72 hours.IBM z/OS RACF Security Technical Implementation Guide V-224035CAT IIIBM z/OS system administrator (SA) must develop a procedure to remove or disable temporary user accounts after 72 hours.IBM z/OS TSS Security Technical Implementation Guide V-205445CAT IIThe Mainframe Product must automatically remove or disable temporary user accounts after 72 hours.Mainframe Product Security Requirements Guide V-224848CAT IIWindows Server 2016 must automatically remove or disable temporary user accounts after 72 hours.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205624CAT IIWindows Server 2019 must automatically remove or disable temporary user accounts after 72 hours.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254267CAT IIWindows Server 2022 must automatically remove or disable temporary user accounts after 72 hours.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278013CAT IIWindows Server 2025 must automatically remove or disable temporary user accounts after 72 hours.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260909CAT IIMKE must be configured to integrate with an Enterprise Identity Provider.Mirantis Kubernetes Engine Security Technical Implementation Guide V-254126CAT IIINutanix AOS must automatically remove or disable temporary user accounts after 72 hours.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279539CAT IINutanix OS must automatically remove or disable temporary user accounts after 72 hours.Nutanix Acropolis GPOS Security Technical Implementation Guide V-248651CAT IIOL 8 temporary user accounts must be provisioned with an expiration time of 72 hours or less.Oracle Linux 8 Security Technical Implementation Guide V-271843CAT IIOL 9 must automatically expire temporary accounts within 72 hours.Oracle Linux 9 Security Technical Implementation Guide V-253523CAT IIAccess to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-252843CAT IRancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-281173CAT IIRHEL 10 must automatically expire temporary accounts within 72 hours.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-258047CAT IIRHEL 9 must automatically expire temporary accounts within 72 hours.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257543CAT IOpenShift must use FIPS validated LDAP or OpenIDConnect.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257543CAT IOpenShift must use FIPS validated LDAP or OpenIDConnect.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-261355CAT IISLEM 5 must automatically expire temporary accounts within 72 hours.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-216322CAT IIIThe operating system must automatically terminate temporary accounts within 72 hours.Solaris 11 SPARC Security Technical Implementation Guide V-216087CAT IIIThe operating system must automatically terminate temporary accounts within 72 hours.Solaris 11 X86 Security Technical Implementation Guide V-282352CAT IITOSS 5 must automatically expire temporary accounts within 72 hours.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234287CAT IIThe UEM server must automatically remove or disable temporary user accounts after 72 hours if supported by the UEM server.Unified Endpoint Management Server Security Requirements Guide V-240344CAT IIThe SLES for vRealize must automatically remove or disable temporary user accounts after 72 hours.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239442CAT IIThe SLES for vRealize must automatically remove or disable temporary user accounts after 72 hours.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-207339CAT IIThe VMM must automatically remove or disable local temporary user accounts after 72 hours.Virtual Machine Manager Security Requirements Guide V-73283CAT IIWindows Server 2016 must automatically remove or disable temporary user accounts after 72 hours.Windows Server 2016 Security Technical Implementation Guide V-73283CAT IIWindows Server 2016 must automatically remove or disable temporary user accounts after 72 hours.Windows Server 2016 Security Technical Implementation Guide V-92975CAT IIWindows Server 2019 must automatically remove or disable temporary user accounts after 72 hours.Windows Server 2019 Security Technical Implementation Guide