Skip to content
Log In

CCI-001686

The information system notifies organization-defined personnel or roles for account removal actions.

Record Events that Modify User/Group Information - /etc/group

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/gshadow

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/security/opasswd

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/passwd

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/shadow

6 rules found Severity: Medium

Logo

The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are removed.

1 rule found Severity: Medium

Logo

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

Logo

The Akamai Luna Portal must generate alerts that can be forwarded to the SAs and ISSO when accounts are removed.

1 rule found Severity: Medium

Logo

The DataPower Gateway must generate alerts that can be forwarded to the administrators and ISSO when accounts are removed.

1 rule found Severity: Medium

Logo

The MQ Appliance network device must generate account activity alerts that are forwarded to the administrators and Information System Security Officer (ISSO). Activity includes, creation, removal, modification and re-enablement after being previously disabled.

1 rule found Severity: Medium

Logo

Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are removed.

1 rule found Severity: Low

Logo

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

1 rule found Severity: High

Logo

Tanium must notify System Administrators and Information System Security Officers for account removal actions.

1 rule found Severity: Medium

Logo

Tanium must notify SA and ISSO for account removal actions.

1 rule found Severity: Medium

Logo

Tanium must notify system administrators and ISSO for account removal actions.

1 rule found Severity: Medium

Logo

The Tanium Operating System (TanOS) must notify system administrators and ISSOs when accounts are removed.

1 rule found Severity: Medium

Logo

The BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are removed.

1 rule found Severity: Medium

Logo

AIX must provide audit record generation functionality for DoD-defined auditable events.

1 rule found Severity: Medium

Logo

MKE must be configured to integrate with an Enterprise Identity Provider.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

Splunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, disabling).

1 rule found Severity: Low

Logo

Splunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only.

1 rule found Severity: Low

Logo

Splunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, or disabling).

1 rule found Severity: Low

Logo

The Tanium Operating System (TanOS) must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are removed.

1 rule found Severity: Medium

Logo

Tanium must notify system administrators (SAs) and the information system security officer (ISSO) for account removal actions.

1 rule found Severity: Medium

Logo

Tanium must notify system administrators and the information system security officer (ISSO) for account removal actions.

1 rule found Severity: Medium

Logo

The application must notify system administrators (SAs) and information system security officers (ISSOs) of account removal actions.

1 rule found Severity: Low

Logo

The Dragos Platform must notify system administrators and information system security officer (ISSO) of local account activity.

1 rule found Severity: Medium

Logo

In the event that communications with the events server is lost, the Juniper SRX Services Gateway must continue to queue log records locally.

1 rule found Severity: Medium

Logo

Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.

1 rule found Severity: Medium

Logo

OpenShift must generate audit rules to capture account related actions.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

The ESXi host must offload logs via syslog.

1 rule found Severity: Medium

Logo

The ESXi host must off-load logs via syslog.

1 rule found Severity: Medium

Logo

The vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.

3 rules found Severity: Medium

Logo