CCI|CCI-000015

Title

Support the management of system accounts using (organization-defined automated mechanisms).

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-001000 - AIX /etc/security/mkuser.sys.custom file must not exist unless it is needed for customizing a new user account.UnixDISA STIG AIX 7.x v3r1
AIX7-00-001015 - The shipped /etc/security/mkuser.sys file on AIX must not be customized directly.UnixDISA STIG AIX 7.x v3r1
AIX7-00-001016 - The regular users default primary group must be staff (or equivalent) on AIX.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events.UnixDISA STIG AIX 7.x v3r1
Big Sur - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
CD12-00-000500 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CNTR-K8-000220 - The Kubernetes Controller Manager must create unique service accounts for each work payload.UnixDISA STIG Kubernetes v2r2
CNTR-R2-000030 RKE2 must use a centralized user management solution to support account management functions.UnixDISA Rancher Government Solutions RKE2 STIG v2r2
DB2X-00-000300 - DB2 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principalsUnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-000300 - DB2 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principalsWindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-000300 - DB2 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals - ldap enabledIBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
EP11-00-000700 - The EDB Postgres Advanced Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-000700 - The EDB Postgres Advanced Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.UnixEnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
ESXI-80-000114 The ESXi host must offload logs via syslog.VMwareDISA VMware vSphere 8.0 ESXi STIG v2r1
F5BI-DM-000013 - The BIG-IP appliance must provide automated support for account management functions.F5DISA F5 BIG-IP Device Management STIG v2r3
JUSX-DM-000060 - For local logging, the Juniper SRX Services Gateway must generate a message to the system management console when a log processing failure occurs.JuniperDISA Juniper SRX Services Gateway NDM v3r2
JUSX-DM-000061 - In the event that communications with the events server is lost, the Juniper SRX Services Gateway must continue to queue log records locally.JuniperDISA Juniper SRX Services Gateway NDM v3r2
JUSX-DM-000097 - The Juniper SRX Services Gateway must be configured to use a centralized authentication server to authenticate privileged users for remote and nonlocal access for device management.JuniperDISA Juniper SRX Services Gateway NDM v3r2
MADB-10-000200 - MariaDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.MySQLDBDISA MariaDB Enterprise 10.x v2r2 DB
MD3X-00-000010 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-001600 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD7X-00-000200 MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.UnixDISA MongoDB Enterprise Advanced 7.x STIG v1r1
Monterey - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Employ Automated Mechanisms for Account Management FunctionsUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
MYS8-00-000100 - MySQL Database Server 8.0 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
O112-C2-001800 - The system must employ automated mechanisms for supporting Oracle user account management.OracleDBDISA STIG Oracle 11.2g v2r5 Database
O121-C2-001800 - The system must employ automated mechanisms for supporting Oracle user account management.OracleDBDISA STIG Oracle 12c v3r2 Database
OL08-00-030130 - OL 8 must generate audit records for all account creation events that affect '/etc/shadow'.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-030140 - OL 8 must generate audit records for all account creation events that affect '/etc/security/opasswd'.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-030150 - OL 8 must generate audit records for all account creation events that affect '/etc/passwd'.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-030160 - OL 8 must generate audit records for all account creation events that affect '/etc/gshadow'.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-030170 - OL 8 must generate audit records for all account creation events that affect '/etc/group'.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-030171 - OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect '/etc/sudoers'.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-030172 - OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect '/etc/sudoers.d/'.UnixDISA Oracle Linux 8 STIG v2r2