STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 — Account Management

CCI-002111

Definition

The organization identifies and selects the organization-defined information system account types of information system accounts which support organizational missions/business functions.

Parent Control

AC-2Account ManagementAccess Control

Linked STIG Checks (37)

V-255953CAT IIThe Arista network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-255505CAT IIIn the event the authentication server is unavailable, there must be one local account of last resort.CA API Gateway NDM Security Technical Implementation Guide V-271929CAT IIThe Cisco ACI must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco ACI NDM Security Technical Implementation Guide V-239912CAT IIThe Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco ASA NDM Security Technical Implementation Guide V-215679CAT IIThe Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco IOS Router NDM Security Technical Implementation Guide V-220587CAT IIThe Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco IOS Switch NDM Security Technical Implementation Guide V-215824CAT IIThe Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220535CAT IIThe Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-216530CAT IIThe Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco IOS XR Router NDM Security Technical Implementation Guide V-242614CAT IIThe Cisco ISE must be configured with only one local web-based account to be used as the account of last resort in the event the authentication server is unavailable.Cisco ISE NDM Security Technical Implementation Guide V-220487CAT IIThe Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Cisco NX OS Switch NDM Security Technical Implementation Guide V-255548CAT IThe DBN-6300 must uniquely identify and authenticate organizational administrators (or processes acting on behalf of organizational administrators).DBN-6300 NDM Security Technical Implementation Guide V-269778CAT IIThe Dell OS10 Switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Dell OS10 Switch NDM Security Technical Implementation Guide V-266066CAT IIThe F5 BIG-IP appliance must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-255643CAT IIIn the event the authentication server is unavailable, one local account must be created for use as the account of last resort.ForeScout CounterACT NDM Security Technical Implementation Guide V-230932CAT IIForescout must be configured with only one web account and one CLI account of last resort with limited access and used only when the authentication server is unavailable.Forescout Network Device Management Security Technical Implementation Guide V-234165CAT IIThe FortiGate device must have only one local account to be used as the account of last resort in the event the authentication server is unavailable.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-283378CAT IIThe HPE Alletra Storage ArcusOS device must be configured with only one local interactive account to be used as the account of last resort in the event the authentication server is unavailable.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-266975CAT IIAOS must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268274CAT IIThe HYCU virtual appliance must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.HYCU Protege Security Technical Implementation Guide V-255736CAT IIIn the event the authentication server is unavailable, the MQ Appliance must provide one local account created for emergency administration use.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-258607CAT IIThe ICS must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Ivanti Connect Secure NDM Security Technical Implementation Guide V-253901CAT IIThe Juniper EX switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217321CAT IIThe Juniper router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Juniper Router NDM Security Technical Implementation Guide V-246926CAT IIONTAP must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202051CAT IIThe network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Network Device Management Security Requirements Guide V-243146CAT IIThe network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Network WLAN AP-IG Management Security Technical Implementation Guide V-243164CAT IIThe network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Network WLAN AP-NIPR Management Security Technical Implementation Guide V-243182CAT IIThe network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Network WLAN Bridge Management Security Technical Implementation Guide V-243200CAT IIThe network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Network WLAN Controller Management Security Technical Implementation Guide V-268323CAT IIThe Palo Alto device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Palo Alto Networks NDM Security Technical Implementation Guide V-273799CAT IIThe RUCKUS ICX device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.RUCKUS ICX NDM Security Technical Implementation Guide V-275453CAT IIThe Riverbed NetIM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Riverbed NetIM NDM Security Technical Implementation Guide V-256078CAT IIThe Riverbed NetProfiler must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Riverbed NetProfiler Security Technical Implementation Guide V-279256CAT IIThe Edge SWG must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Symantec Edge SWG NDM Security Technical Implementation Guide V-94653CAT IISymantec ProxySG must be configured with only one local account that is used as the account of last resort.Symantec ProxySG NDM Security Technical Implementation Guide V-242237CAT IIThe TippingPoint SMS must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.Trend Micro TippingPoint NDM Security Technical Implementation Guide