STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← AC-2 (4) — Account Management

CCI-001686

Definition

The information system notifies organization-defined personnel or roles for account removal actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (30)

V-255605CAT IIThe A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are removed.A10 Networks ADC NDM Security Technical Implementation GuideV-76473CAT IIThe Akamai Luna Portal must generate alerts that can be forwarded to the SAs and ISSO when accounts are removed.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation GuideV-222420CAT IIIThe application must notify system administrators (SAs) and information system security officers (ISSOs) of account removal actions.Application Security and Development Security Technical Implementation GuideV-272632CAT IICylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Arctic Wolf CylanceON-PREM Security Technical Implementation GuideV-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation GuideV-270993CAT IIThe Dragos Platform must notify system administrators and information system security officer (ISSO) of local account activity.Dragos Platform 2.x Security Technical Implementation GuideV-228998CAT IIThe BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are removed.F5 BIG-IP Device Management Security Technical Implementation GuideV-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation GuideV-65119CAT IIThe DataPower Gateway must generate alerts that can be forwarded to the administrators and ISSO when accounts are removed.IBM DataPower Network Device Management Security Technical Implementation GuideV-255754CAT IIThe MQ Appliance network device must generate account activity alerts that are forwarded to the administrators and Information System Security Officer (ISSO). Activity includes, creation, removal, modification and re-enablement after being previously disabled.IBM MQ Appliance v9.0 NDM Security Technical Implementation GuideV-66447CAT IIThe Juniper SRX Services Gateway must generate alerts to the management console and generate a log record that can be forwarded to the ISSO and designated system administrators when the local accounts (i.e., the account of last resort or root account) are deleted.Juniper SRX SG NDM Security Technical Implementation GuideV-229023CAT IIIn the event that communications with the events server is lost, the Juniper SRX Services Gateway must continue to queue log records locally.Juniper SRX Services Gateway NDM Security Technical Implementation GuideV-253523CAT IIAccess to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation GuideV-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-257511CAT IIOpenShift must generate audit rules to capture account related actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation GuideV-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation GuideV-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation GuideV-221939CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, disabling).Splunk Enterprise 7.x for Windows Security Technical Implementation GuideV-221940CAT IIISplunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only.Splunk Enterprise 7.x for Windows Security Technical Implementation GuideV-251658CAT IIISplunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, or disabling).Splunk Enterprise 8.x for Linux Security Technical Implementation GuideV-241007CAT IITanium must notify System Administrators and Information System Security Officers for account removal actions.Tanium 7.0 Security Technical Implementation GuideV-234068CAT IITanium must notify SA and ISSO for account removal actions.Tanium 7.3 Security Technical Implementation GuideV-254926CAT IITanium must notify system administrators (SAs) and the information system security officer (ISSO) for account removal actions.Tanium 7.x Application on TanOS Security Technical Implementation GuideV-254858CAT IIThe Tanium Operating System (TanOS) must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are removed.Tanium 7.x Operating System on TanOS Security Technical Implementation GuideV-253830CAT IITanium must notify system administrators and the information system security officer (ISSO) for account removal actions.Tanium 7.x Security Technical Implementation GuideV-241154CAT IITrend Deep Security must notify System Administrators and Information System Security Officers for account removal actions.Trend Micro Deep Security 9.x Security Technical Implementation GuideV-239589CAT IIIThe SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are removed.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation GuideV-256337CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 7.0 vCenter Security Technical Implementation GuideV-258744CAT IIThe ESXi host must off-load logs via syslog.VMware vSphere 8.0 ESXi Security Technical Implementation GuideV-258923CAT IIThe vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMware vSphere 8.0 vCenter Security Technical Implementation Guide