STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-2 (4) — Account Management

CCI-002130

Definition

Automatically audit account enabling actions.

Parent Control

AC-2 (4)Account ManagementAccess Control

Linked STIG Checks (175)

V-204686CAT IIAAA Services must be configured to automatically audit account enabling actions.AAA Services Security Requirements Guide V-76475CAT IIThe Akamai Luna Portal must automatically audit account enabling actions.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-252464CAT IIThe macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257170CAT IIThe macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277060CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222421CAT IIThe application must automatically audit account enabling actions.Application Security and Development Security Technical Implementation Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-219220CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219221CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219222CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219223CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219224CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238238CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238239CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238240CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238241CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238242CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260628CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260629CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260630CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260631CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260632CAT IIUbuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270684CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270685CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270686CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270687CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270688CAT IIUbuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-215689CAT IIThe Cisco router must be configured to automatically audit account enabling actions.Cisco IOS Router NDM Security Technical Implementation Guide V-220597CAT IIThe Cisco switch must be configured to automatically audit account enabling actions.Cisco IOS Switch NDM Security Technical Implementation Guide V-215834CAT IIThe Cisco router must be configured to automatically audit account enabling actions.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220545CAT IIThe Cisco switch must be configured to automatically audit account enabling actions.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-242613CAT IIIThe Cisco ISE must automatically audit account enabling actions.Cisco ISE NDM Security Technical Implementation Guide V-220494CAT IIThe Cisco switch must be configured to automatically audit account enabling actions.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233157CAT IIThe container platform must automatically audit account-enabling actions.Container Platform Security Requirements Guide V-255564CAT IIThe DBN-6300 must automatically audit account enabling actions.DBN-6300 NDM Security Technical Implementation Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-217410CAT IIThe BIG-IP appliance must be configured to automatically audit account-enabling actions.F5 BIG-IP Device Management Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-203690CAT IIThe operating system must audit all account enabling actions.General Purpose Operating System Security Requirements Guide V-217459CAT IIThe HP FlexFabric Switch must automatically audit account enabling actions.HP FlexFabric Switch NDM Security Technical Implementation Guide V-266908CAT IIAOS must automatically audit account creation.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268249CAT IIThe HYCU virtual appliance must automatically audit account enabling actions.HYCU Protege Security Technical Implementation Guide V-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation Guide V-65127CAT IIThe DataPower Gateway must automatically audit account enabling actions.IBM DataPower Network Device Management Security Technical Implementation Guide V-255732CAT IIThe MQ Appliance network device must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-255754CAT IIThe MQ Appliance network device must generate account activity alerts that are forwarded to the administrators and Information System Security Officer (ISSO). Activity includes, creation, removal, modification and re-enablement after being previously disabled.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-223544CAT IIIBM z/OS Required SMF data record types must be collected.IBM z/OS ACF2 Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-217329CAT IIThe Juniper router must be configured to automatically audit account enabling actions.Juniper Router NDM Security Technical Implementation Guide V-66469CAT IIThe Juniper SRX Services Gateway must automatically generate a log event when accounts are enabled.Juniper SRX SG NDM Security Technical Implementation Guide V-223185CAT IIThe Juniper SRX Services Gateway must automatically generate a log event when accounts are enabled.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-205541CAT IIThe Mainframe Product must automatically audit account enabling actions.Mainframe Product Security Requirements Guide V-220750CAT IIThe system must be configured to audit Account Management - Security Group Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-220751CAT IIThe system must be configured to audit Account Management - User Account Management failures.Microsoft Windows 10 Security Technical Implementation Guide V-220752CAT IIThe system must be configured to audit Account Management - User Account Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-224884CAT IIWindows Server 2016 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224885CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224886CAT IIWindows Server 2016 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224986CAT IIWindows Server 2016 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205625CAT IIWindows Server 2019 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205626CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205627CAT IIWindows Server 2019 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205628CAT IIWindows Server 2019 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254303CAT IIWindows Server 2022 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254304CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254305CAT IIWindows Server 2022 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254407CAT IIWindows Server 2022 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278050CAT IIWindows Server 2025 must be configured to audit Account Management - Security Group Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278051CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278052CAT IIWindows Server 2025 must be configured to audit Account Management - User Account Management failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278154CAT IIWindows Server 2025 must be configured to audit Account Management - Computer Account Management successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260909CAT IIMKE must be configured to integrate with an Enterprise Identity Provider.Mirantis Kubernetes Engine Security Technical Implementation Guide V-246925CAT IIONTAP must automatically audit account-enabling actions.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202088CAT IIThe network device must automatically audit account enabling actions.Network Device Management Security Requirements Guide V-254127CAT IINutanix AOS must audit all account actions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279541CAT IINutanix OS must audit all account change actions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221825CAT IIThe Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 7 Security Technical Implementation Guide V-248740CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/shadow".Oracle Linux 8 Security Technical Implementation Guide V-248741CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".Oracle Linux 8 Security Technical Implementation Guide V-248742CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/passwd".Oracle Linux 8 Security Technical Implementation Guide V-248743CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/gshadow".Oracle Linux 8 Security Technical Implementation Guide V-248744CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/group".Oracle Linux 8 Security Technical Implementation Guide V-248745CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Oracle Linux 8 Security Technical Implementation Guide V-248746CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".Oracle Linux 8 Security Technical Implementation Guide V-271527CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Oracle Linux 9 Security Technical Implementation Guide V-271528CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Oracle Linux 9 Security Technical Implementation Guide V-271529CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Oracle Linux 9 Security Technical Implementation Guide V-271530CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Oracle Linux 9 Security Technical Implementation Guide V-271531CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Oracle Linux 9 Security Technical Implementation Guide V-271532CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Oracle Linux 9 Security Technical Implementation Guide V-271533CAT IIOL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Oracle Linux 9 Security Technical Implementation Guide V-273788CAT IIThe RUCKUS ICX device must initiate session auditing upon startup.RUCKUS ICX NDM Security Technical Implementation Guide V-254555CAT IIRancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.Rancher Government Solutions RKE2 Security Technical Implementation Guide V-281154CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281155CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect the "/etc/sudoers.d/" directory.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281156CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/group".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281157CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281158CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/opasswd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281159CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/passwd".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281160CAT IIRHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/shadow".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204564CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204565CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204566CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204567CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204568CAT IIThe Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-258217CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258218CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258219CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258220CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258221CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258222CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258223CAT IIRHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257511CAT IIOpenShift must generate audit rules to capture account related actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275452CAT IThe Riverbed NetIM must enable and configure user audit logging.Riverbed NetIM NDM Security Technical Implementation Guide V-275713CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Riverbed NetIM OS Security Technical Implementation Guide V-275714CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Riverbed NetIM OS Security Technical Implementation Guide V-275715CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Riverbed NetIM OS Security Technical Implementation Guide V-275716CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Riverbed NetIM OS Security Technical Implementation Guide V-275717CAT IIUbuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Riverbed NetIM OS Security Technical Implementation Guide V-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261449CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261450CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261451CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261452CAT IISLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217205CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217206CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217207CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217208CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217240CAT IIThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-279255CAT IIThe Edge SWG must produce audit records containing information to establish when (date and time) the events occurred.Symantec Edge SWG NDM Security Technical Implementation Guide V-241155CAT IITrend Deep Security must automatically audit account enabling actions.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242259CAT IThe TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).Trend Micro TippingPoint NDM Security Technical Implementation Guide V-252972CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-253024CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/group".Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-253025CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow".Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-253026CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/passwd".Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-253027CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/security/opasswd".Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-253028CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-253029CAT IITOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282353CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282354CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282355CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282356CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282357CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282358CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282359CAT IITOSS 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234465CAT IIThe UEM server must automatically audit account-enabling actions.Unified Endpoint Management Server Security Requirements Guide V-240499CAT IIThe SLES for vRealize must audit all account enabling actions.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239593CAT IIThe SLES for vRealize must audit all account enabling actions.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256518CAT IIThe Photon operating system must audit all account modifications.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-258868CAT IIThe Photon operating system must audit all account modifications.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-207439CAT IIThe VMM must automatically audit account enabling actions.Virtual Machine Manager Security Requirements Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide