STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-001405

Definition

Automatically audit account removal actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (157)

V-204643CAT IIAAA Services must be configured to automatically audit account removal actions.AAA Services Security Requirements Guide V-76467CAT IIThe Akamai Luna Portal must automatically audit account removal actions.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-252462CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257168CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277060CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222416CAT IIThe application must automatically audit account removal actions.Application Security and Development Security Technical Implementation Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-217359CAT IIThe Arista Multilayer Switch must automatically audit account removal actions.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-219220CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219221CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219222CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219223CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219224CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238238CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238239CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238240CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238241CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238242CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260628CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260629CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260630CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260631CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260632CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270684CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270685CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270686CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270687CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270688CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221903CAT IIThe Central Log Server must automatically audit account removal actions.Central Log Server Security Requirements Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-239900CAT IIThe Cisco ASA must be configured to automatically audit account removal actions.Cisco ASA NDM Security Technical Implementation Guide V-215666CAT IIThe Cisco router must be configured to automatically audit account removal actions.Cisco IOS Router NDM Security Technical Implementation Guide V-220574CAT IIThe Cisco switch must be configured to automatically audit account removal actions.Cisco IOS Switch NDM Security Technical Implementation Guide V-215811CAT IIThe Cisco router must be configured to automatically audit account removal actions.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220522CAT IIThe Cisco switch must be configured to automatically audit account removal actions.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-242612CAT IIFor the local account of last resort, the Cisco ISE must automatically audit account removal actions.Cisco ISE NDM Security Technical Implementation Guide V-220478CAT IIThe Cisco switch must be configured to automatically audit account removal actions.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233025CAT IIThe container platform must automatically audit account removal actions.Container Platform Security Requirements Guide V-255532CAT IIThe DBN-6300 must automatically audit account removal actions.DBN-6300 NDM Security Technical Implementation Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-217386CAT IIThe BIG-IP appliance must automatically audit account removal actions.F5 BIG-IP Device Management Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-234164CAT IIThe FortiGate device must automatically audit account removal actions.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203668CAT IIThe operating system must audit all account removal actions.General Purpose Operating System Security Requirements Guide V-217430CAT IIThe HP FlexFabric Switch must automatically audit account removal actions.HP FlexFabric Switch NDM Security Technical Implementation Guide V-266908CAT IIAOS must automatically audit account creation.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268234CAT IIThe HYCU virtual appliance must automatically audit account removal actions.HYCU Protege Security Technical Implementation Guide V-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation Guide V-223544CAT IIIBM z/OS Required SMF data record types must be collected.IBM z/OS ACF2 Security Technical Implementation Guide V-223653CAT IIIBM RACF SETROPTS LOGOPTIONS must be properly configured.IBM z/OS RACF Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-237899CAT IICA VM:Secure product must be installed and operating.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-217309CAT IIThe Juniper router must be configured to automatically audit account removal actions.Juniper Router NDM Security Technical Implementation Guide V-66465CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account removal events.Juniper SRX SG NDM Security Technical Implementation Guide V-223184CAT IIFor local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account removal events.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-205450CAT IIThe Mainframe Product must automatically audit account removal actions.Mainframe Product Security Requirements Guide V-220750CAT IIThe system must be configured to audit Account Management - Security Group Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-220751CAT IIThe system must be configured to audit Account Management - User Account Management failures.Microsoft Windows 10 Security Technical Implementation Guide V-220752CAT IIThe system must be configured to audit Account Management - User Account Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-224884CAT IIWindows Server 2016 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224885CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224886CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224986CAT IIWindows Server 2016 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205625CAT IIWindows Server 2019 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205626CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205627CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205628CAT IIWindows Server 2019 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254303CAT IIWindows Server 2022 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254304CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254305CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254407CAT IIWindows Server 2022 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278050CAT IIWindows Server 2025 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278051CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278052CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278154CAT IIWindows Server 2025 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260914CAT IIAudit logging must be enabled on MKE.Mirantis Kubernetes Engine Security Technical Implementation Guide V-202016CAT IIThe network device must automatically audit account removal actions.Network Device Management Security Requirements Guide V-254127CAT IINutanix AOS must audit all account actions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279541CAT IINutanix OS must audit all account change actions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221825CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 7 Security Technical Implementation Guide V-248743CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/gshadow".Oracle Linux 8 Security Technical Implementation Guide V-271527CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Oracle Linux 9 Security Technical Implementation Guide V-271528CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Oracle Linux 9 Security Technical Implementation Guide V-271529CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Oracle Linux 9 Security Technical Implementation Guide V-271530CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Oracle Linux 9 Security Technical Implementation Guide V-271531CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Oracle Linux 9 Security Technical Implementation Guide V-271532CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 9 Security Technical Implementation Guide V-271533CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Oracle Linux 9 Security Technical Implementation Guide V-273788CAT IIThe RUCKUS ICX device must initiate session auditing upon startup.RUCKUS ICX NDM Security Technical Implementation Guide V-281154CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281155CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect the "/etc/sudoers.d/" directory.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281156CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/group".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281157CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281158CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/opasswd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281159CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/passwd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281160CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/shadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-258217CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258218CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258219CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258220CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258221CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258223CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257512CAT IIOpen Shift must automatically audit account removal actions.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257512CAT IIOpen Shift must automatically audit account removal actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275452CAT IThe Riverbed NetIM must enable and configure user audit logging.Riverbed NetIM NDM Security Technical Implementation Guide V-275713CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Riverbed NetIM OS Security Technical Implementation Guide V-275714CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Riverbed NetIM OS Security Technical Implementation Guide V-275715CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Riverbed NetIM OS Security Technical Implementation Guide V-275716CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Riverbed NetIM OS Security Technical Implementation Guide V-275717CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Riverbed NetIM OS Security Technical Implementation Guide V-256072CAT IThe Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.Riverbed NetProfiler Security Technical Implementation Guide V-261449CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261450CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261452CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-22382CAT IIIThe audit system must be configured to audit account termination.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-216262CAT IIThe operating system must automatically audit account termination.Solaris 11 SPARC Security Technical Implementation Guide V-216027CAT IIThe operating system must automatically audit account termination.Solaris 11 X86 Security Technical Implementation Guide V-279252CAT IThe Edge SWG must be configured to send log data to at least one central log server for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Symantec Edge SWG NDM Security Technical Implementation Guide V-241114CAT IITrend Deep Security must automatically audit account removal actions.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-252972CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-252973CAT IITOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282353CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282354CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282355CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282356CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282357CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282358CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282359CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234292CAT IIThe UEM server must automatically audit account removal actions.Unified Endpoint Management Server Security Requirements Guide V-240485CAT IIThe SLES for vRealize must audit all account removal actions.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239578CAT IIThe SLES for vRealize must audit all account removal actions.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256520CAT IIThe Photon operating system must audit all account removal actions.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-258834CAT IIThe Photon operating system must audit all account removal actions.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-207415CAT IIThe VMM must automatically audit account removal actions.Virtual Machine Manager Security Requirements Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide