CCI|CCI-001685

Title

The information system notifies organization-defined personnel or roles for account disabling actions.

Reference Item Details

Category: 2011

Audit Items

View all Reference Audit Items

NamePluginAudit Name
Big Sur - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Catalina - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
F5BI-DM-000159 - The BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are disabled.F5DISA F5 BIG-IP Device Management STIG v2r3
JUSX-DM-000060 - For local logging, the Juniper SRX Services Gateway must generate a message to the system management console when a log processing failure occurs.JuniperDISA Juniper SRX Services Gateway NDM v2r1
Monterey - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Configure the System to Notify upon Account Disabled ActionsUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
PHTN-67-000040 - The Photon operating system must configure rsyslog to offload system logs to a central server.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-09-654240 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
SLES-15-030000 - The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.UnixDISA SLES 15 STIG v1r12
SPLK-CL-000020 - Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) when account events are received (creation, deletion, modification, or disabling).SplunkDISA STIG Splunk Enterprise 8.x for Linux v1r5 STIG REST API
SPLK-CL-000200 - Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) when account events are received (creation, deletion, modification, disabling).SplunkDISA STIG Splunk Enterprise 7.x for Windows v2r4 REST API
SPLK-CL-000235 - Splunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only.SplunkDISA STIG Splunk Enterprise 7.x for Windows v2r4 REST API
VCSA-70-000123 - The vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action.VMwareDISA STIG VMware vSphere 7.0 vCenter v1r2