Capacity
CCI-001682
Automatically removes or disables emergency accounts after an organization-defined time period for each type of account.
11
Rule
Severity: Medium
Assign Expiration Date to Emergency Accounts
16
Rule
Severity: Medium
Assign Expiration Date to Temporary Accounts
2
Rule
Severity: Medium
Never Automatically Remove or Disable Emergency Administrator Accounts
2
Rule
Severity: Medium
AAA Services must be configured to prevent automatically removing emergency accounts.
2
Rule
Severity: Low
AAA Services must be configured to prevent automatically disabling emergency accounts.
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
1
Rule
Severity: Medium
The CA API Gateway must automatically remove or disable emergency accounts, except the emergency administration account, after 72 hours.
1
Rule
Severity: High
The storage system must be configured to have only 1 emergency account which can be accessed without LDAP, and which has full administrator capabilities.
1
Rule
Severity: Medium
IBM z/VM must remove or disable emergency accounts after the crisis is resolved or 72 hours.
2
Rule
Severity: Medium
The Mainframe Product must be configured such that emergency accounts are never automatically removed or disabled.
1
Rule
Severity: Low
Nutanix AOS must automatically remove or disable temporary user accounts after 72 hours.
2
Rule
Severity: Medium
Rancher MCM must never automatically remove or disable emergency accounts.
4
Rule
Severity: Medium
The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.
3
Rule
Severity: Medium
The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.
3
Rule
Severity: Low
The Ubuntu operating system must automatically expire temporary accounts within 72 hours.
2
Rule
Severity: Medium
The container platform must never automatically remove or disable emergency accounts.
2
Rule
Severity: Medium
The information system must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
2
Rule
Severity: Medium
The HPE 3PAR OS must be configured to have only one emergency account that can be accessed without LDAP and that has full administrator privileges.
2
Rule
Severity: Medium
The AIX system must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
2
Rule
Severity: Medium
IBM z/OS system administrator must develop a procedure to automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
2
Rule
Severity: Medium
IBM RACF emergency USERIDs must be properly defined.
1
Rule
Severity: Medium
The IBM z/OS System Administrator (SA) must develop a process to disable emergency accounts after the crisis is resolved or 72 hours.
3
Rule
Severity: Medium
IBM z/OS system administrator must develop a procedure to remove or disable emergency accounts after the crisis is resolved or 72 hours.
2
Rule
Severity: Medium
Windows Server 2016 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
2
Rule
Severity: Medium
Windows Server 2019 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
2
Rule
Severity: Medium
Windows Server 2022 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
2
Rule
Severity: Medium
The Oracle Linux operating system must automatically expire temporary accounts within 72 hours.
2
Rule
Severity: Medium
OL 8 must automatically expire temporary accounts within 72 hours.
2
Rule
Severity: Medium
RHEL 8 must automatically expire temporary accounts within 72 hours.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must automatically expire temporary accounts within 72 hours.
4
Rule
Severity: Medium
The SUSE operating system must never automatically remove or disable emergency administrator accounts.
2
Rule
Severity: Medium
RHEL 9 must automatically expire temporary accounts within 72 hours.
4
Rule
Severity: Medium
The SUSE operating system must automatically expire temporary accounts within 72 hours.
2
Rule
Severity: Medium
The VMM must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
4
Rule
Severity: Medium
The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.
3
Rule
Severity: Low
The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to automatically remove or disable emergency accounts after 72 hours.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must automatically expire temporary accounts within 72 hours.
1
Rule
Severity: Medium
The Dragos Platform must only allow local administrative and service user accounts.
1
Rule
Severity: Medium
The IBM z/OS system administrator (SA) must develop a process to disable emergency accounts after the crisis is resolved or 72 hours.
1
Rule
Severity: Medium
IBM z/OS system administrator (SA) must develop a procedure to remove or disable emergency accounts after the crisis is resolved or 72 hours.
1
Rule
Severity: Medium
SLEM 5 must automatically expire temporary accounts within 72 hours.
1
Rule
Severity: Medium
SLEM 5 must never automatically remove or disable emergency administrator accounts.
1
Rule
Severity: Medium
TOSS must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules