STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-001683

Definition

The information system notifies organization-defined personnel or roles for account creation actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (28)

V-255602CAT IThe A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are created.A10 Networks ADC NDM Security Technical Implementation Guide V-76469CAT IIThe Akamai Luna Portal must generate alerts that can be forwarded to the SAs and ISSO when accounts are created.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-222417CAT IIIThe application must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are created.Application Security and Development Security Technical Implementation Guide V-272632CAT IICylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-270993CAT IIThe Dragos Platform must notify system administrators and information system security officer (ISSO) of local account activity.Dragos Platform 2.x Security Technical Implementation Guide V-228995CAT IIThe BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are created.F5 BIG-IP Device Management Security Technical Implementation Guide V-65113CAT IIThe DataPower Gateway must generate alerts that can be forwarded to the administrators and ISSO when accounts are created.IBM DataPower Network Device Management Security Technical Implementation Guide V-255754CAT IIThe MQ Appliance network device must generate account activity alerts that are forwarded to the administrators and Information System Security Officer (ISSO). Activity includes, creation, removal, modification and re-enablement after being previously disabled.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-66443CAT IIFor local accounts, the Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when local accounts are created.Juniper SRX SG NDM Security Technical Implementation Guide V-253523CAT IIAccess to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257511CAT IIOpenShift must generate audit rules to capture account related actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-221939CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, disabling).Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-221940CAT IIISplunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251658CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, or disabling).Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-241001CAT IITanium must notify system administrators and ISSO when accounts are created.Tanium 7.0 Security Technical Implementation Guide V-234061CAT IITanium must notify SA and ISSO when accounts are created.Tanium 7.3 Security Technical Implementation Guide V-254923CAT IITanium must notify system administrator (SA) and the information system security officer (ISSO) when accounts are created.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-254856CAT IIThe Tanium Operating System (TanOS) must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are created.Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-253825CAT IITanium must notify system administrator and information system security officer (ISSO) when accounts are created.Tanium 7.x Security Technical Implementation Guide V-241151CAT IITrend Deep Security must notify System Administrators and Information System Security Officers when accounts are created.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-239586CAT IIIThe SLES for vRealize must notify System Administrators and Information Systems Security Officer when accounts are created.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256337CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258744CAT IIThe ESXi host must off-load logs via syslog.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-258923CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 8.0 vCenter Security Technical Implementation Guide