CCI-001405
Automatically audit account removal actions.
26 rules found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The HYCU server must initiate session auditing upon startup and produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Medium
Riverbed Optimization System (RiOS) must automatically generate a log event for account removal actions.
1 rule found Severity: Low
The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.
1 rule found Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
2 rules found Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
2 rules found Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
2 rules found Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
2 rules found Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
1 rule found Severity: Medium
1 rule found Severity: Medium
The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
1 rule found Severity: Medium
1 rule found Severity: Medium
3 rules found Severity: Medium
For the local account of last resort, the Cisco ISE must automatically audit account removal actions.
1 rule found Severity: Medium
The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.
1 rule found Severity: Medium
1 rule found Severity: Medium
The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
1 rule found Severity: Medium
Windows Server 2016 must be configured to audit Account Management - Security Group Management successes.
1 rule found Severity: Medium
Windows Server 2016 must be configured to audit Account Management - User Account Management successes.
1 rule found Severity: Medium
Windows Server 2016 must be configured to audit Account Management - User Account Management failures.
1 rule found Severity: Medium
Windows Server 2016 must be configured to audit Account Management - Computer Account Management successes.
1 rule found Severity: Medium
The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1 rule found Severity: Medium
The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
1 rule found Severity: High
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1 rule found Severity: Medium
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
1 rule found Severity: Medium
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1 rule found Severity: Medium
SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1 rule found Severity: Medium
TOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1 rule found Severity: Medium
TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium
9 rules found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1 rule found Severity: Medium
1 rule found Severity: Medium
AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
1 rule found Severity: Medium
AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1 rule found Severity: Medium
AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
1 rule found Severity: Medium
AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
1 rule found Severity: Medium
AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1 rule found Severity: Medium
AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1 rule found Severity: Medium
AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account removal events.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
Windows Server 2019 must be configured to audit Account Management - Security Group Management successes.
1 rule found Severity: Medium
Windows Server 2019 must be configured to audit Account Management - User Account Management successes.
1 rule found Severity: Medium
Windows Server 2019 must be configured to audit Account Management - User Account Management failures.
1 rule found Severity: Medium
Windows Server 2019 must be configured to audit Account Management - Computer Account Management successes.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
Windows Server 2022 must be configured to audit Account Management - Security Group Management successes.
1 rule found Severity: Medium
Windows Server 2022 must be configured to audit Account Management - User Account Management successes.
1 rule found Severity: Medium
Windows Server 2022 must be configured to audit Account Management - User Account Management failures.
1 rule found Severity: Medium
Windows Server 2022 must be configured to audit Account Management - Computer Account Management successes.
1 rule found Severity: Medium
1 rule found Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
1 rule found Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.
1 rule found Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1 rule found Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
1 rule found Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
1 rule found Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1 rule found Severity: Medium
RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1 rule found Severity: Medium