STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-001685

Definition

The information system notifies organization-defined personnel or roles for account disabling actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (26)

V-255604CAT IIThe A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are disabled.A10 Networks ADC NDM Security Technical Implementation Guide V-222419CAT IIIThe application must notify system administrators (SAs) and information system security officers (ISSOs) of account disabling actions.Application Security and Development Security Technical Implementation Guide V-272632CAT IICylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-270993CAT IIThe Dragos Platform must notify system administrators and information system security officer (ISSO) of local account activity.Dragos Platform 2.x Security Technical Implementation Guide V-228997CAT IIThe BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are disabled.F5 BIG-IP Device Management Security Technical Implementation Guide V-65117CAT IIThe DataPower Gateway must generate alerts that can be forwarded to the administrators and ISSO when accounts are disabled.IBM DataPower Network Device Management Security Technical Implementation Guide V-255754CAT IIThe MQ Appliance network device must generate account activity alerts that are forwarded to the administrators and Information System Security Officer (ISSO). Activity includes, creation, removal, modification and re-enablement after being previously disabled.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-66467CAT IIThe Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when accounts are disabled.Juniper SRX SG NDM Security Technical Implementation Guide V-229022CAT IIIFor local logging, the Juniper SRX Services Gateway must generate a message to the system management console when a log processing failure occurs.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-253523CAT IIAccess to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257511CAT IIOpenShift must generate audit rules to capture account related actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-221939CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, disabling).Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-221940CAT IIISplunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251658CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, or disabling).Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-241006CAT IITanium must notify System Administrators and Information System Security Officers for account disabling actions.Tanium 7.0 Security Technical Implementation Guide V-234067CAT IITanium must notify SA and ISSO for account disabling actions.Tanium 7.3 Security Technical Implementation Guide V-254925CAT IITanium must notify system administrators (SAs) and the information system security officer (ISSO) for account disabling actions.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-253829CAT IITanium must notify system administrators and the information system security officer (ISSO) for account disabling actions.Tanium 7.x Security Technical Implementation Guide V-241153CAT IITrend Deep Security must notify System Administrators and Information System Security Officers for account disabling actions.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-239588CAT IIIThe SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are disabled.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256337CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258923CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 8.0 vCenter Security Technical Implementation Guide