STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-001403

Definition

Automatically audit account modification actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (183)

V-204641CAT IIAAA Services must be configured to automatically audit account modification.AAA Services Security Requirements Guide V-76465CAT IIThe Akamai Luna Portal must automatically audit account modification.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-252462CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257168CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277060CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222414CAT IIThe application must automatically audit account modification.Application Security and Development Security Technical Implementation Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-217357CAT IIThe Arista Multilayer Switch must automatically audit account modification.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-219220CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219221CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219222CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219223CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219224CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238238CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238239CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238240CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238241CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238242CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260628CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260629CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260630CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260631CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260632CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270684CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270685CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270686CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270687CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270688CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221901CAT IIThe Central Log Server must automatically audit account modification.Central Log Server Security Requirements Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-239898CAT IIThe Cisco ASA must be configured to automatically audit account modification.Cisco ASA NDM Security Technical Implementation Guide V-215664CAT IIThe Cisco router must be configured to automatically audit account modification.Cisco IOS Router NDM Security Technical Implementation Guide V-220572CAT IIThe Cisco switch must be configured to automatically audit account modification.Cisco IOS Switch NDM Security Technical Implementation Guide V-215809CAT IIThe Cisco router must be configured to automatically audit account modification.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220520CAT IIThe Cisco switch must be configured to automatically audit account modification.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-242610CAT IIFor the local web-based account of last resort and the default local CLI account, the Cisco ISE must automatically audit account modification.Cisco ISE NDM Security Technical Implementation Guide V-220476CAT IIThe Cisco switch must be configured to automatically audit account modification.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233023CAT IIThe container platform must automatically audit account modification.Container Platform Security Requirements Guide V-255531CAT IIThe DBN-6300 must automatically audit account modification.DBN-6300 NDM Security Technical Implementation Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-217384CAT IIThe BIG-IP appliance must automatically audit account modification.F5 BIG-IP Device Management Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-234163CAT IIThe FortiGate device must automatically audit account modification.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203666CAT IIThe operating system must audit all account modifications.General Purpose Operating System Security Requirements Guide V-217428CAT IIThe HP FlexFabric Switch must automatically audit account modification.HP FlexFabric Switch NDM Security Technical Implementation Guide V-266908CAT IIAOS must automatically audit account creation.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268232CAT IIThe HYCU virtual appliance must automatically audit account modification.HYCU Protege Security Technical Implementation Guide V-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation Guide V-223544CAT IIIBM z/OS Required SMF data record types must be collected.IBM z/OS ACF2 Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-237899CAT IICA VM:Secure product must be installed and operating.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-217307CAT IIThe Juniper router must be configured to automatically audit account modification.Juniper Router NDM Security Technical Implementation Guide V-66461CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account modification events.Juniper SRX SG NDM Security Technical Implementation Guide V-223182CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account modification events.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-242403CAT IIKubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.Kubernetes Security Technical Implementation Guide V-205448CAT IIThe Mainframe Product must automatically audit account modification.Mainframe Product Security Requirements Guide V-228354CAT IIExchange must have Administrator audit logging enabled.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259648CAT IIExchange must have administrator audit logging enabled.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-220750CAT IIThe system must be configured to audit Account Management - Security Group Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-220751CAT IIThe system must be configured to audit Account Management - User Account Management failures.Microsoft Windows 10 Security Technical Implementation Guide V-220752CAT IIThe system must be configured to audit Account Management - User Account Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-253310CAT IIThe system must be configured to audit Account Management - User Account Management successes.Microsoft Windows 11 Security Technical Implementation Guide V-224884CAT IIWindows Server 2016 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224885CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224886CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224986CAT IIWindows Server 2016 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205625CAT IIWindows Server 2019 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205626CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205627CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205628CAT IIWindows Server 2019 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254303CAT IIWindows Server 2022 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254304CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254305CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254407CAT IIWindows Server 2022 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278050CAT IIWindows Server 2025 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278051CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278052CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278154CAT IIWindows Server 2025 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260914CAT IIAudit logging must be enabled on MKE.Mirantis Kubernetes Engine Security Technical Implementation Guide V-202014CAT IIThe network device must automatically audit account modification.Network Device Management Security Requirements Guide V-254127CAT IINutanix AOS must audit all account actions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279541CAT IINutanix OS must audit all account change actions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221825CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 7 Security Technical Implementation Guide V-248740CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/shadow".Oracle Linux 8 Security Technical Implementation Guide V-248741CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".Oracle Linux 8 Security Technical Implementation Guide V-248742CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/passwd".Oracle Linux 8 Security Technical Implementation Guide V-248743CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/gshadow".Oracle Linux 8 Security Technical Implementation Guide V-248744CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/group".Oracle Linux 8 Security Technical Implementation Guide V-248745CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Oracle Linux 8 Security Technical Implementation Guide V-248746CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".Oracle Linux 8 Security Technical Implementation Guide V-271527CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Oracle Linux 9 Security Technical Implementation Guide V-271528CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Oracle Linux 9 Security Technical Implementation Guide V-271529CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Oracle Linux 9 Security Technical Implementation Guide V-271530CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Oracle Linux 9 Security Technical Implementation Guide V-271531CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Oracle Linux 9 Security Technical Implementation Guide V-271532CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 9 Security Technical Implementation Guide V-271533CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Oracle Linux 9 Security Technical Implementation Guide V-235934CAT IIOracle WebLogic must automatically audit account modification.Oracle WebLogic Server 12c Security Technical Implementation Guide V-273788CAT IIThe RUCKUS ICX device must initiate session auditing upon startup.RUCKUS ICX NDM Security Technical Implementation Guide V-252843CAT IRancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-254555CAT IIRancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.Rancher Government Solutions RKE2 Security Technical Implementation Guide V-281154CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281155CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect the "/etc/sudoers.d/" directory.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281156CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/group".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281157CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281158CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/opasswd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281159CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/passwd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281160CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/shadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204564CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204565CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204566CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204567CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204568CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-258217CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258218CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258219CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258220CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258221CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258223CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257510CAT IIOpenShift must automatically audit account modification.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257510CAT IIOpenShift must automatically audit account modification.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275713CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Riverbed NetIM OS Security Technical Implementation Guide V-275714CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Riverbed NetIM OS Security Technical Implementation Guide V-275715CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Riverbed NetIM OS Security Technical Implementation Guide V-275716CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Riverbed NetIM OS Security Technical Implementation Guide V-275717CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Riverbed NetIM OS Security Technical Implementation Guide V-256072CAT IThe Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.Riverbed NetProfiler Security Technical Implementation Guide V-261449CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261450CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261452CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217205CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217206CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217207CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217208CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217240CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-22377CAT IIIThe audit system must be configured to audit account modification.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-216260CAT IIThe audit system must be configured to audit account modification.Solaris 11 SPARC Security Technical Implementation Guide V-216025CAT IIThe audit system must be configured to audit account modification.Solaris 11 X86 Security Technical Implementation Guide V-279252CAT IThe Edge SWG must be configured to send log data to at least one central log server for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Symantec Edge SWG NDM Security Technical Implementation Guide V-241112CAT IITrend Deep Security must automatically audit account modification.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242259CAT IThe TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Trend Micro TippingPoint NDM Security Technical Implementation Guide V-252972CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282353CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282354CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282355CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282356CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282357CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282358CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282359CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234290CAT IIThe UEM server must automatically audit account modification.Unified Endpoint Management Server Security Requirements Guide V-265289CAT IIThe NSX Manager must configure logging levels for services to ensure audit records are generated.VMware NSX 4.x Manager NDM Security Technical Implementation Guide V-240482CAT IIThe SLES for vRealize must audit all account modifications.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240483CAT IIThe SLES for vRealize must audit all account modifications.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239575CAT IIThe SLES for vRealize must audit all account modifications.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-239576CAT IIThe SLES for vRealize must audit all account modifications.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256517CAT IIThe Photon operating system must audit all account modifications.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256518CAT IIThe Photon operating system must audit all account modifications.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-258833CAT IIThe Photon operating system must audit all account modifications.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-258868CAT IIThe Photon operating system must audit all account modifications.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-207413CAT IIThe VMM must automatically audit account modification.Virtual Machine Manager Security Requirements Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide