STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-001404

Definition

Automatically audit account disabling actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (167)

V-204642CAT IIAAA Services must be configured to automatically audit account disabling actions.AAA Services Security Requirements Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-252462CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257168CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277060CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222415CAT IIThe application must automatically audit account disabling actions.Application Security and Development Security Technical Implementation Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-217358CAT IIThe Arista Multilayer Switch must automatically audit account disabling actions.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-219220CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219221CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219222CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219223CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219224CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238238CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238239CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238240CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238241CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238242CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260628CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260629CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260630CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260631CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260632CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270684CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270685CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270686CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270687CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270688CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221902CAT IIThe Central Log Server must automatically audit account disabling actions.Central Log Server Security Requirements Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-239899CAT IIThe Cisco ASA must be configured to automatically audit account-disabling actions.Cisco ASA NDM Security Technical Implementation Guide V-215665CAT IIThe Cisco router must be configured to automatically audit account disabling actions.Cisco IOS Router NDM Security Technical Implementation Guide V-220573CAT IIThe Cisco switch must be configured to automatically audit account disabling actions.Cisco IOS Switch NDM Security Technical Implementation Guide V-215810CAT IIThe Cisco router must be configured to automatically audit account disabling actions.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220521CAT IIThe Cisco switch must be configured to automatically audit account disabling actions.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-242611CAT IIFor the local web-based account of last resort, the Cisco ISE must automatically audit account disabling actions.Cisco ISE NDM Security Technical Implementation Guide V-220477CAT IIThe Cisco switch must be configured to automatically audit account disabling actions.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233024CAT IIThe container platform must automatically audit account-disabling actions.Container Platform Security Requirements Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-217385CAT IIThe BIG-IP appliance must automatically audit account-disabling actions.F5 BIG-IP Device Management Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-203667CAT IIThe operating system must audit all account disabling actions.General Purpose Operating System Security Requirements Guide V-217429CAT IIThe HP FlexFabric Switch must automatically audit account disabling actions.HP FlexFabric Switch NDM Security Technical Implementation Guide V-266908CAT IIAOS must automatically audit account creation.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268233CAT IIThe HYCU virtual appliance must automatically audit account disabling actions.HYCU Protege Security Technical Implementation Guide V-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation Guide V-223544CAT IIIBM z/OS Required SMF data record types must be collected.IBM z/OS ACF2 Security Technical Implementation Guide V-223653CAT IIIBM RACF SETROPTS LOGOPTIONS must be properly configured.IBM z/OS RACF Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-237899CAT IICA VM:Secure product must be installed and operating.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-217308CAT IIThe Juniper router must be configured to automatically audit account disabling actions.Juniper Router NDM Security Technical Implementation Guide V-66463CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account disabling events.Juniper SRX SG NDM Security Technical Implementation Guide V-223183CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account disabling events.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-242403CAT IIKubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.Kubernetes Security Technical Implementation Guide V-205449CAT IIThe Mainframe Product must automatically audit account disabling actions.Mainframe Product Security Requirements Guide V-220750CAT IIThe system must be configured to audit Account Management - Security Group Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-220751CAT IIThe system must be configured to audit Account Management - User Account Management failures.Microsoft Windows 10 Security Technical Implementation Guide V-220752CAT IIThe system must be configured to audit Account Management - User Account Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-224884CAT IIWindows Server 2016 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224885CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224886CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224890CAT IIWindows Server 2016 must be configured to audit Logon/Logoff - Account Lockout failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224986CAT IIWindows Server 2016 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205625CAT IIWindows Server 2019 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205626CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205627CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205628CAT IIWindows Server 2019 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205730CAT IIWindows Server 2019 must be configured to audit Logon/Logoff - Account Lockout failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254303CAT IIWindows Server 2022 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254304CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254305CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254309CAT IIWindows Server 2022 must be configured to audit Logon/Logoff - Account Lockout failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254407CAT IIWindows Server 2022 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278050CAT IIWindows Server 2025 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278051CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278052CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278055CAT IIWindows Server 2025 must be configured to audit Logon/Logoff - Account Lockout successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278056CAT IIWindows Server 2025 must be configured to audit Logon/Logoff - Account Lockout failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278154CAT IIWindows Server 2025 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260914CAT IIAudit logging must be enabled on MKE.Mirantis Kubernetes Engine Security Technical Implementation Guide V-202015CAT IIThe network device must automatically audit account disabling actions.Network Device Management Security Requirements Guide V-254127CAT IINutanix AOS must audit all account actions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279541CAT IINutanix OS must audit all account change actions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221825CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 7 Security Technical Implementation Guide V-248740CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/shadow".Oracle Linux 8 Security Technical Implementation Guide V-248741CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".Oracle Linux 8 Security Technical Implementation Guide V-248742CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/passwd".Oracle Linux 8 Security Technical Implementation Guide V-248743CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/gshadow".Oracle Linux 8 Security Technical Implementation Guide V-248744CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/group".Oracle Linux 8 Security Technical Implementation Guide V-248745CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Oracle Linux 8 Security Technical Implementation Guide V-248746CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".Oracle Linux 8 Security Technical Implementation Guide V-271527CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Oracle Linux 9 Security Technical Implementation Guide V-271528CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Oracle Linux 9 Security Technical Implementation Guide V-271529CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Oracle Linux 9 Security Technical Implementation Guide V-271530CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Oracle Linux 9 Security Technical Implementation Guide V-271531CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Oracle Linux 9 Security Technical Implementation Guide V-271532CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 9 Security Technical Implementation Guide V-271533CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Oracle Linux 9 Security Technical Implementation Guide V-273788CAT IIThe RUCKUS ICX device must initiate session auditing upon startup.RUCKUS ICX NDM Security Technical Implementation Guide V-252845CAT IIWhen allowed by the central authentication system, the default role assigned to a user must be User-Base.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-254555CAT IIRancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.Rancher Government Solutions RKE2 Security Technical Implementation Guide V-281154CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281155CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect the "/etc/sudoers.d/" directory.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281156CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/group".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281157CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281158CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/opasswd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281159CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/passwd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281160CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/shadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-258217CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258218CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258219CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258220CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258221CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258223CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257511CAT IIOpenShift must generate audit rules to capture account related actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275452CAT IThe Riverbed NetIM must enable and configure user audit logging.Riverbed NetIM NDM Security Technical Implementation Guide V-275713CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Riverbed NetIM OS Security Technical Implementation Guide V-275714CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Riverbed NetIM OS Security Technical Implementation Guide V-275715CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Riverbed NetIM OS Security Technical Implementation Guide V-275716CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Riverbed NetIM OS Security Technical Implementation Guide V-275717CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Riverbed NetIM OS Security Technical Implementation Guide V-256072CAT IThe Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.Riverbed NetProfiler Security Technical Implementation Guide V-261449CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261450CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261452CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-22378CAT IIIThe audit system must be configured to audit account disabling.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-216261CAT IIThe operating system must automatically audit account disabling actions.Solaris 11 SPARC Security Technical Implementation Guide V-216026CAT IIThe operating system must automatically audit account disabling actions.Solaris 11 X86 Security Technical Implementation Guide V-279252CAT IThe Edge SWG must be configured to send log data to at least one central log server for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Symantec Edge SWG NDM Security Technical Implementation Guide V-241113CAT IITrend Deep Security must automatically audit account disabling actions.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242259CAT IThe TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Trend Micro TippingPoint NDM Security Technical Implementation Guide V-252972CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282353CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282354CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282355CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282356CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282357CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282358CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282359CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234291CAT IIThe UEM server must automatically audit account disabling actions.Unified Endpoint Management Server Security Requirements Guide V-240484CAT IIThe SLES for vRealize must audit all account disabling actions.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239577CAT IIThe SLES for vRealize must audit all account-disabling actions.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256519CAT IIThe Photon operating system must audit all account disabling actions.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-258842CAT IIThe Photon operating system must audit the execution of privileged functions.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-207414CAT IIThe VMM must automatically audit account disabling actions.Virtual Machine Manager Security Requirements Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide