STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-000018

Definition

Automatically audit account creation actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (193)

V-204640CAT IIAAA Services must be configured to automatically audit account creation.AAA Services Security Requirements Guide V-76463CAT IIThe Akamai Luna Portal must automatically audit account creation.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-268080CAT IINixOS must enable the audit daemon.Anduril NixOS Security Technical Implementation Guide V-252462CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257168CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277060CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222413CAT IIThe application must automatically audit account creation.Application Security and Development Security Technical Implementation Guide V-237321CAT IThe ArcGIS Server must use Windows authentication for supporting account management functions.ArcGIS for Server 10.3 Security Technical Implementation Guide V-217356CAT IIThe Arista Multilayer Switch must automatically audit account creation.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.2x NDM Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-219220CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238238CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238239CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238240CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238242CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260628CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260629CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260630CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260631CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260632CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270684CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270685CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270686CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270687CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270688CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221900CAT IIThe Central Log Server must automatically audit account creation.Central Log Server Security Requirements Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-239897CAT IIThe Cisco ASA must be configured to automatically audit account creation.Cisco ASA NDM Security Technical Implementation Guide V-215663CAT IIThe Cisco router must be configured to automatically audit account creation.Cisco IOS Router NDM Security Technical Implementation Guide V-220571CAT IIThe Cisco switch must be configured to automatically audit account creation.Cisco IOS Switch NDM Security Technical Implementation Guide V-215808CAT IIThe Cisco router must be configured to automatically audit account creation.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220519CAT IIThe Cisco switch must be configured to automatically audit account creation.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-242609CAT IIFor the local web-based account of last resort, the Cisco ISE must automatically audit account creation.Cisco ISE NDM Security Technical Implementation Guide V-220475CAT IIThe Cisco switch must be configured to automatically audit account creation.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233022CAT IIThe container platform must automatically audit account creation.Container Platform Security Requirements Guide V-255530CAT IIThe DBN-6300 must automatically audit account creation.DBN-6300 NDM Security Technical Implementation Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-217383CAT IIThe BIG-IP appliance must automatically audit account creation.F5 BIG-IP Device Management Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-234162CAT IIThe FortiGate device must automatically audit account creation.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203593CAT IIThe operating system must audit all account creations.General Purpose Operating System Security Requirements Guide V-217427CAT IIThe HP FlexFabric Switch must automatically audit account creation.HP FlexFabric Switch NDM Security Technical Implementation Guide V-266908CAT IIAOS must automatically audit account creation.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268231CAT IIThe HYCU virtual appliance must automatically audit account creation.HYCU Protege Security Technical Implementation Guide V-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation Guide V-223544CAT IIIBM z/OS Required SMF data record types must be collected.IBM z/OS ACF2 Security Technical Implementation Guide V-223653CAT IIIBM RACF SETROPTS LOGOPTIONS must be properly configured.IBM z/OS RACF Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-237899CAT IICA VM:Secure product must be installed and operating.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-253879CAT IIThe Juniper EX switch must be configured to automatically audit account creation.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217306CAT IIThe Juniper router must be configured to automatically audit account creation.Juniper Router NDM Security Technical Implementation Guide V-66459CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account creation events.Juniper SRX SG NDM Security Technical Implementation Guide V-223181CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account creation events.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-242403CAT IIKubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.Kubernetes Security Technical Implementation Guide V-205447CAT IIThe Mainframe Product must automatically audit account creation.Mainframe Product Security Requirements Guide V-220750CAT IIThe system must be configured to audit Account Management - Security Group Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-220751CAT IIThe system must be configured to audit Account Management - User Account Management failures.Microsoft Windows 10 Security Technical Implementation Guide V-220752CAT IIThe system must be configured to audit Account Management - User Account Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-224884CAT IIWindows Server 2016 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224885CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224886CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224986CAT IIWindows Server 2016 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205625CAT IIWindows Server 2019 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205626CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205627CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205628CAT IIWindows Server 2019 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254303CAT IIWindows Server 2022 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254304CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254305CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254407CAT IIWindows Server 2022 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278050CAT IIWindows Server 2025 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278051CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278052CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278154CAT IIWindows Server 2025 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260914CAT IIAudit logging must be enabled on MKE.Mirantis Kubernetes Engine Security Technical Implementation Guide V-202013CAT IIThe network device must automatically audit account creation.Network Device Management Security Requirements Guide V-254127CAT IINutanix AOS must audit all account actions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279541CAT IINutanix OS must audit all account change actions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221825CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 7 Security Technical Implementation Guide V-221826CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Oracle Linux 7 Security Technical Implementation Guide V-221827CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Oracle Linux 7 Security Technical Implementation Guide V-221828CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Oracle Linux 7 Security Technical Implementation Guide V-221829CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Oracle Linux 7 Security Technical Implementation Guide V-248740CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/shadow".Oracle Linux 8 Security Technical Implementation Guide V-248741CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".Oracle Linux 8 Security Technical Implementation Guide V-248742CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/passwd".Oracle Linux 8 Security Technical Implementation Guide V-248743CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/gshadow".Oracle Linux 8 Security Technical Implementation Guide V-248744CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/group".Oracle Linux 8 Security Technical Implementation Guide V-248745CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Oracle Linux 8 Security Technical Implementation Guide V-248746CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".Oracle Linux 8 Security Technical Implementation Guide V-271527CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Oracle Linux 9 Security Technical Implementation Guide V-271528CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Oracle Linux 9 Security Technical Implementation Guide V-271529CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Oracle Linux 9 Security Technical Implementation Guide V-271530CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Oracle Linux 9 Security Technical Implementation Guide V-271531CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Oracle Linux 9 Security Technical Implementation Guide V-271532CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 9 Security Technical Implementation Guide V-271533CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Oracle Linux 9 Security Technical Implementation Guide V-235933CAT IIOracle WebLogic must automatically audit account creation.Oracle WebLogic Server 12c Security Technical Implementation Guide V-273788CAT IIThe RUCKUS ICX device must initiate session auditing upon startup.RUCKUS ICX NDM Security Technical Implementation Guide V-252844CAT IIRancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-254555CAT IIRancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.Rancher Government Solutions RKE2 Security Technical Implementation Guide V-281154CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281155CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect the "/etc/sudoers.d/" directory.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281156CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/group".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281157CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281158CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/opasswd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281159CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/passwd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281160CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/shadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204564CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204565CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204566CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204567CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204568CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-258217CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258218CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258219CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258220CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258221CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258223CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257509CAT IIOpenShift must automatically audit account creation.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257509CAT IIOpenShift must automatically audit account creation.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275452CAT IThe Riverbed NetIM must enable and configure user audit logging.Riverbed NetIM NDM Security Technical Implementation Guide V-275713CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Riverbed NetIM OS Security Technical Implementation Guide V-275714CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Riverbed NetIM OS Security Technical Implementation Guide V-275715CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Riverbed NetIM OS Security Technical Implementation Guide V-275716CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Riverbed NetIM OS Security Technical Implementation Guide V-275717CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Riverbed NetIM OS Security Technical Implementation Guide V-256072CAT IThe Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.Riverbed NetProfiler Security Technical Implementation Guide V-261449CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261450CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261452CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217205CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217206CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217207CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217208CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217240CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-22376CAT IIIThe audit system must be configured to audit account creation.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-216259CAT IIThe audit system must be configured to audit account creation.Solaris 11 SPARC Security Technical Implementation Guide V-216024CAT IIThe audit system must be configured to audit account creation.Solaris 11 X86 Security Technical Implementation Guide V-279252CAT IThe Edge SWG must be configured to send log data to at least one central log server for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Symantec Edge SWG NDM Security Technical Implementation Guide V-241111CAT IITrend Deep Security must automatically audit account creation.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242259CAT IThe TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Trend Micro TippingPoint NDM Security Technical Implementation Guide V-252972CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282353CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282354CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282355CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282356CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282357CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282358CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282359CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234289CAT IIThe UEM server must automatically audit account creation.Unified Endpoint Management Server Security Requirements Guide V-240345CAT IIThe SLES for vRealize must audit all account creations.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240346CAT IIIn addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications must be investigated for legitimacy.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239443CAT IIThe SLES for vRealize must audit all account creations.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-239444CAT IIIn addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications, any unexpected users, groups, or modifications must be investigated for legitimacy.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256478CAT IIThe Photon operating system must audit all account creations.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-258801CAT IIThe Photon operating system must audit all account creations.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-207341CAT IIThe VMM must automatically audit account creation.Virtual Machine Manager Security Requirements Guide V-73417CAT IIWindows Server 2016 must be configured to audit Account Management - Computer Account Management successes.Windows Server 2016 Security Technical Implementation Guide V-73417CAT IIWindows Server 2016 must be configured to audit Account Management - Computer Account Management successes.Windows Server 2016 Security Technical Implementation Guide V-73423CAT IIWindows Server 2016 must be configured to audit Account Management - Security Group Management successes.Windows Server 2016 Security Technical Implementation Guide V-73423CAT IIWindows Server 2016 must be configured to audit Account Management - Security Group Management successes.Windows Server 2016 Security Technical Implementation Guide V-73427CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management successes.Windows Server 2016 Security Technical Implementation Guide V-73427CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management successes.Windows Server 2016 Security Technical Implementation Guide V-73429CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management failures.Windows Server 2016 Security Technical Implementation Guide V-73429CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management failures.Windows Server 2016 Security Technical Implementation Guide V-92979CAT IIWindows Server 2019 must be configured to audit Account Management - Security Group Management successes.Windows Server 2019 Security Technical Implementation Guide V-92981CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management successes.Windows Server 2019 Security Technical Implementation Guide V-92983CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management failures.Windows Server 2019 Security Technical Implementation Guide V-92985CAT IIWindows Server 2019 must be configured to audit Account Management - Computer Account Management successes.Windows Server 2019 Security Technical Implementation Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide