800-53|AC-2f.

Title

ACCOUNT MANAGEMENT

Description

Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions];

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4 Use non-default account namesWindowsCIS IBM DB2 v10 v1.1.0 Windows OS Level 1
1.4 Use non-default account namesWindowsCIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows
1.4 Use non-default account namesWindowsCIS IBM DB2 v10 v1.1.0 Windows OS Level 2
1.4 Use non-default account namesUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 2
1.4 Use non-default account namesUnixCIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux
1.6 Ensure Warn users before password expiration is set to 7 daysCheckPointCIS Check Point Firewall L1 v1.1.0
1.7 Ensure Lockout users after password expiration is set to 1CheckPointCIS Check Point Firewall L1 v1.1.0
1.8 Ensure Deny access to unused accounts is selectedCheckPointCIS Check Point Firewall L1 v1.1.0
1.9 Ensure Days of non-use before lock-out is set to 30CheckPointCIS Check Point Firewall L1 v1.1.0
2.3 Lock the BIND User AccountUnixCIS BIND DNS v3.0.1 Caching Only Name Server
2.3 Lock the BIND User AccountUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
2.3 Lock the BIND User AccountUnixCIS BIND DNS v3.0.1 Authoritative Name Server
2.3 Lock the BIND User AccountUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
2.14 Oracle Installation - 'Oracle software owner account name NOT oracle'UnixCIS v1.1.0 Oracle 11g OS L2
4.3 Review Users, Groups, and Roles - Users listWindowsCIS IBM DB2 v10 v1.1.0 Windows OS Level 2
4.3 Review Users, Groups, and Roles - Users listWindowsCIS IBM DB2 v10 v1.1.0 Windows OS Level 1
5.4.9 Ensure there are no unnecessary accountsUnixCIS Amazon Linux 2 STIG v1.0.0 L3
6.2.20 Ensure shadow group is emptyUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.2.20 Ensure shadow group is emptyUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
6.2.20 Ensure shadow group is emptyUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.2.20 Ensure shadow group is emptyUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
9.3 Verify System Account Default Passwords - lockedUnixCIS Solaris 11.2 L1 v1.1.0
9.3 Verify System Account Default Passwords - lockedUnixCIS Solaris 11.1 L1 v1.0.0
9.3 Verify System Account Default Passwords - lockedUnixCIS Solaris 11 L1 v1.1.0
13.20 Ensure shadow group is emptyUnixCIS Debian Linux 7 L1 v1.0.0
13.20 Ensure shadow group is empty - No users in the 'Shadow' GroupUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
13.20 Ensure shadow group is empty - No users with 'Shadow' as their Primary GroupUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
Disabling the admin accountF5Tenable F5 BIG-IP Best Practice Audit
Ensure shadow group is emptyUnixTenable Cisco Firepower Management Center OS Best Practices Audit