STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-002142

Definition

The information system terminates shared/group account credentials when members leave the group.

Parent Control

AC-2 (10) | Account Management | Access Control

Linked STIG Checks (21)

  • V-255606 | CAT II | When anyone who has access to the emergency administration account no longer requires access to it or leaves the organization, the password for the emergency administration account must be changed. | A10 Networks ADC NDM Security Technical Implementation Guide
  • V-222408 | CAT II | Shared/group account credentials must be terminated when members leave the group. | Application Security and Development Security Technical Implementation Guide
  • V-237337 | CAT I | The ArcGIS Server Windows authentication must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-242608 | CAT II | The Cisco ISE must change the password for the local CLI and web-based account when members who have access to the password leave the role and are no longer authorized access. | Cisco ISE NDM Security Technical Implementation Guide
  • V-270910 | CAT II | Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes. | Dragos Platform 2.x Security Technical Implementation Guide
  • V-266065 | CAT II | The F5 BIG-IP appliance must terminate shared/group account credentials when members leave the group. | F5 BIG-IP TMOS NDM Security Technical Implementation Guide
  • V-255661 | CAT II | The network device must terminate shared/group account credentials when members leave the group. | ForeScout CounterACT NDM Security Technical Implementation Guide
  • V-230931 | CAT II | Forescout must terminate the account of last resort password when members with access to the password leave the group. | Forescout Network Device Management Security Technical Implementation Guide
  • V-255756 | CAT II | The MQ Appliance network device must terminate shared/group account credentials when members leave the group. | IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
  • V-253946 | CAT II | The Juniper EX switch must change credentials for account of last resort when administrators who know the credential leave the organization. | Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
  • V-237423 | CAT II | Members of the SCOM Administrators Group must be reviewed to ensure access is still required. | Microsoft SCOM Security Technical Implementation Guide
  • V-253523 | CAT II | Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
  • V-252843 | CAT I | Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
  • V-257543 | CAT I | OpenShift must use FIPS validated LDAP or OpenIDConnect. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
  • V-240988 | CAT II | The Tanium Server must be configured with a connector to sync to Microsoft Active Directory for account management functions, must isolate security functions from non-security functions, and must terminate shared/group account credentials when members leave the group. | Tanium 7.0 Security Technical Implementation Guide
  • V-234048 | CAT II | The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions. | Tanium 7.3 Security Technical Implementation Guide
  • V-254904 | CAT II | The Tanium cryptographic signing capabilities must be enabled on the Tanium Server. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
  • V-254928 | CAT II | The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
  • V-253815 | CAT II | The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions. | Tanium 7.x Security Technical Implementation Guide
  • V-253845 | CAT II | The Tanium cryptographic signing capabilities must be enabled on the Tanium Server. | Tanium 7.x Security Technical Implementation Guide
  • V-242260 | CAT II | The password for the local account of last resort and the device password (if configured) must be changed when members who had access to the password leave the role and are no longer authorized access. | Trend Micro TippingPoint NDM Security Technical Implementation Guide