STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-001684

Definition

The information system notifies organization-defined personnel or roles for account modification actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (29)

V-255603CAT IIThe A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are modified.A10 Networks ADC NDM Security Technical Implementation Guide V-76471CAT IIThe Akamai Luna Portal must generate alerts that can be forwarded to the SAs and ISSO when accounts are modified.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-222418CAT IIIThe application must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are modified.Application Security and Development Security Technical Implementation Guide V-272632CAT IICylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-270993CAT IIThe Dragos Platform must notify system administrators and information system security officer (ISSO) of local account activity.Dragos Platform 2.x Security Technical Implementation Guide V-228996CAT IIThe BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are modified.F5 BIG-IP Device Management Security Technical Implementation Guide V-65115CAT IIThe DataPower Gateway must generate alerts that can be forwarded to the administrators and ISSO when accounts are modified.IBM DataPower Network Device Management Security Technical Implementation Guide V-255754CAT IIThe MQ Appliance network device must generate account activity alerts that are forwarded to the administrators and Information System Security Officer (ISSO). Activity includes, creation, removal, modification and re-enablement after being previously disabled.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-66445CAT IIThe Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when the local accounts (i.e., the account of last resort or root account) are modified.Juniper SRX SG NDM Security Technical Implementation Guide V-229021CAT IIIThe Juniper SRX Services Gateway must allow only the information system security manager (ISSM) (or administrators/roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the syslog and/or local logs.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-253523CAT IIAccess to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257511CAT IIOpenShift must generate audit rules to capture account related actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-221939CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, disabling).Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-221940CAT IIISplunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251658CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, or disabling).Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-241002CAT IITanium must notify system administrators and ISSO when accounts are modified.Tanium 7.0 Security Technical Implementation Guide V-234062CAT IITanium must notify SA and ISSO when accounts are modified.Tanium 7.3 Security Technical Implementation Guide V-254924CAT IITanium must notify system administrators (SAs) and the information system security officer (ISSO) when accounts are modified.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-254857CAT IIThe Tanium Operating System (TanOS) must audit and notify system administrators (SAs) and information system security officers (ISSOs) when accounts are modified.Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-253826CAT IITanium must notify system administrators and the information system security officer (ISSO) when accounts are modified.Tanium 7.x Security Technical Implementation Guide V-241152CAT IITrend Deep Security must notify System Administrators and Information System Security Officers when accounts are modified.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-239587CAT IIIThe SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are modified.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256337CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258744CAT IIThe ESXi host must off-load logs via syslog.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-258923CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 8.0 vCenter Security Technical Implementation Guide