Skip to content
Log In

CCI-002132

The information system notifies organization-defined personnel or roles for account enabling actions.

Record Events that Modify User/Group Information - /etc/group

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/gshadow

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/security/opasswd

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/passwd

6 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/shadow

6 rules found Severity: Medium

Logo

Ensure auditd Collects System Administrator Actions - /etc/sudoers

2 rules found Severity: Medium

Logo

Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/

1 rule found Severity: Medium

Logo

The A10 Networks ADC must notify System Administrators (SAs) and Information System Security Officers (ISSMs) when accounts are created, or enabled when previously disabled.

1 rule found Severity: Medium

Logo

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

Logo

The Akamai Luna Portal must notify the SAs and ISSO when accounts are created, or enabled when previously disabled.

1 rule found Severity: Medium

Logo

The CA API Gateway must notify System Administrators (SAs) and Information System Security Officers (ISSMs) when accounts are created, or enabled when previously disabled.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate an immediate alert for account enabling actions.

1 rule found Severity: Medium

Logo

The DataPower Gateway must generate an immediate alert for account enabling actions.

1 rule found Severity: Medium

Logo

The MQ Appliance network device must generate account activity alerts that are forwarded to the administrators and Information System Security Officer (ISSO). Activity includes, creation, removal, modification and re-enablement after being previously disabled.

1 rule found Severity: Medium

Logo

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

1 rule found Severity: High

Logo

Tanium must notify the SA and ISSO of account enabling actions.

1 rule found Severity: Medium

Logo

The Tanium application must notify SA and ISSO of account enabling actions.

1 rule found Severity: Medium

Logo

Tanium must notify system administrator and ISSO of account enabling actions.

1 rule found Severity: Medium

Logo

Tanium must audit and notify system administrators and ISSOs when accounts are enabled.

1 rule found Severity: Medium

Logo

The BIG-IP appliance must be configured to generate an immediate alert for account-enabling actions.

1 rule found Severity: Medium

Logo

AIX must provide audit record generation functionality for DoD-defined auditable events.

1 rule found Severity: Medium

Logo

MKE must be configured to integrate with an Enterprise Identity Provider.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

Tanium must audit and notify system administrators (SAs) and information system security officers (ISSOs) when accounts are enabled.

1 rule found Severity: Medium

Logo

Tanium must notify the system administrator (SA) and information system security officer (ISSO) of account enabling actions.

1 rule found Severity: Medium

Logo

Tanium must notify the system administrator and information system security officer (ISSO) of account enabling actions.

1 rule found Severity: Medium

Logo

The application must notify system administrators (SAs) and information system security officers (ISSOs) of account enabling actions.

1 rule found Severity: Low

Logo

The Juniper SRX Services Gateway must be configured to use a centralized authentication server to authenticate privileged users for remote and nonlocal access for device management.

1 rule found Severity: High

Logo

OpenShift must generate audit rules to capture account related actions.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/shadow".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/passwd".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/gshadow".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/group".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.

1 rule found Severity: Medium

Logo

The vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.

3 rules found Severity: Medium

Logo