CCI-001405
Automatically audit account removal actions.
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
2
Rule
Severity: Medium
AAA Services must be configured to automatically audit account removal actions.
1
Rule
Severity: Medium
The Akamai Luna Portal must automatically audit account removal actions.
1
Rule
Severity: Medium
The Arista Multilayer Switch must automatically audit account removal actions.
2
Rule
Severity: Medium
The Arista network device must be configured to audit all administrator activity.
2
Rule
Severity: Medium
The application must automatically audit account removal actions.
2
Rule
Severity: Medium
The Central Log Server must automatically audit account removal actions.
1
Rule
Severity: Medium
The DBN-6300 must automatically audit account removal actions.
1
Rule
Severity: Medium
The FortiGate device must automatically audit account removal actions.
1
Rule
Severity: Medium
The HP FlexFabric Switch must automatically audit account removal actions.
1
Rule
Severity: Medium
The HYCU server must initiate session auditing upon startup and produce audit log records containing sufficient information to establish what type of event occurred.
1
Rule
Severity: Medium
CA VM:Secure product must be installed and operating.
2
Rule
Severity: Medium
The Juniper router must be configured to automatically audit account removal actions.
2
Rule
Severity: Medium
For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account removal events.
2
Rule
Severity: Medium
The Mainframe Product must automatically audit account removal actions.
2
Rule
Severity: Medium
The network device must automatically audit account removal actions.
1
Rule
Severity: Medium
Nutanix AOS must audit all account actions.
2
Rule
Severity: High
The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
1
Rule
Severity: Low
Riverbed Optimization System (RiOS) must automatically generate a log event for account removal actions.
2
Rule
Severity: Medium
The UEM server must automatically audit account removal actions.
1
Rule
Severity: Medium
The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.
3
Rule
Severity: Medium
The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.
3
Rule
Severity: Medium
The macOS system must be configured to audit all administrative action events.
3
Rule
Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
3
Rule
Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
3
Rule
Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
3
Rule
Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1
Rule
Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
2
Rule
Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
2
Rule
Severity: Medium
The Cisco ASA must be configured to automatically audit account removal actions.
4
Rule
Severity: Medium
The Cisco router must be configured to automatically audit account removal actions.
6
Rule
Severity: Medium
The Cisco switch must be configured to automatically audit account removal actions.
2
Rule
Severity: Medium
For the local account of last resort, the Cisco ISE must automatically audit account removal actions.
2
Rule
Severity: Medium
The container platform must automatically audit account removal actions.
2
Rule
Severity: Medium
The operating system must audit all account removal actions.
2
Rule
Severity: Medium
AIX must provide audit record generation functionality for DoD-defined auditable events.
2
Rule
Severity: Medium
IBM z/OS Required SMF data record types must be collected.
2
Rule
Severity: Medium
IBM RACF SETROPTS LOGOPTIONS must be properly configured.
4
Rule
Severity: Medium
IBM z/OS required SMF data record types must be collected.
2
Rule
Severity: Medium
The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
2
Rule
Severity: Medium
The system must be configured to audit Account Management - Security Group Management successes.
2
Rule
Severity: Medium
The system must be configured to audit Account Management - User Account Management failures.
2
Rule
Severity: Medium
The system must be configured to audit Account Management - User Account Management successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Account Management - Security Group Management successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Account Management - User Account Management successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Account Management - User Account Management failures.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Account Management - Computer Account Management successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Account Management - Security Group Management successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Account Management - User Account Management successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Account Management - User Account Management failures.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Account Management - Computer Account Management successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Account Management - Security Group Management successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Account Management - User Account Management successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Account Management - User Account Management failures.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Account Management - Computer Account Management successes.
2
Rule
Severity: Medium
The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
2
Rule
Severity: Medium
OL 8 must generate audit records for all account creation events that affect "/etc/gshadow".
2
Rule
Severity: Medium
OpenShift must automatically audit account removal actions.
2
Rule
Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
2
Rule
Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.
2
Rule
Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
2
Rule
Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
2
Rule
Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
2
Rule
Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
2
Rule
Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
4
Rule
Severity: Medium
The operating system must automatically audit account termination.
2
Rule
Severity: Medium
The VMM must automatically audit account removal actions.
4
Rule
Severity: Medium
The Photon operating system must audit all account removal actions.
1
Rule
Severity: Medium
The BIG-IP appliance must automatically audit account removal actions.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1
Rule
Severity: Medium
The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.
1
Rule
Severity: Medium
Audit logging must be enabled on MKE.
1
Rule
Severity: Medium
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1
Rule
Severity: Medium
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
1
Rule
Severity: Medium
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1
Rule
Severity: Medium
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1
Rule
Severity: Medium
TOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1
Rule
Severity: Medium
TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.