| SLES-15-030000 | V1R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| SLES-15-030010 | V1R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| SLES-15-030020 | V1R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| SLES-15-030030 | V1R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | |
| SLES-15-030040 | V1R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| WN19-AU-000100 | V3R1 | Windows Server 2019 must be configured to audit Account Management - Security Group Management successes. | |
| WN19-AU-000110 | V3R1 | Windows Server 2019 must be configured to audit Account Management - User Account Management successes. | |
| WN19-AU-000120 | V3R1 | Windows Server 2019 must be configured to audit Account Management - User Account Management failures. | |
| WN19-DC-000230 | V3R1 | Windows Server 2019 must be configured to audit Account Management - Computer Account Management successes. | |
| UBTU-20-010100 | V1R6 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| UBTU-20-010101 | V1R6 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| UBTU-20-010102 | V1R6 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| UBTU-20-010103 | V1R6 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| UBTU-20-010104 | V1R6 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | |
| APPL-14-001001 | V1R1 | The macOS system must be configured to audit all administrative action events. | |
| APPL-13-001001 | V1R5 | The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions. | |
| OL07-00-030870 | V3R1 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| OL07-00-030871 | V3R1 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| OL07-00-030872 | V3R1 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| OL07-00-030873 | V3R1 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| OL07-00-030874 | V3R1 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | |
| RHEL-07-030870 | V3R6 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| RHEL-07-030871 | V3R6 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| RHEL-07-030872 | V3R6 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| RHEL-07-030873 | V3R6 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| RHEL-07-030874 | V3R6 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | |
| SLES-12-020200 | V3R1 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| SLES-12-020210 | V3R1 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| SLES-12-020220 | V3R1 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| SLES-12-020230 | V3R1 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | |
| SLES-12-020590 | V3R1 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| APPL-15-001001 | V1R1 | The macOS system must be configured to audit all administrative action events. | |
| ALMA-09-004970 | V1R1 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | |
| ALMA-09-005080 | V1R1 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| ALMA-09-005190 | V1R1 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| ALMA-09-005300 | V1R1 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | |
| ALMA-09-005410 | V1R1 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| ALMA-09-005960 | V1R1 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| ALMA-09-006070 | V1R1 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/ | |
| OL08-00-030130 | V1R6 | OL 8 must generate audit records for all account creation events that affect "/etc/shadow". | |
| OL08-00-030140 | V1R6 | OL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd". | |
| OL08-00-030150 | V1R6 | OL 8 must generate audit records for all account creation events that affect "/etc/passwd". | |
| OL08-00-030160 | V1R6 | OL 8 must generate audit records for all account creation events that affect "/etc/gshadow". | |
| OL08-00-030170 | V1R6 | OL 8 must generate audit records for all account creation events that affect "/etc/group". | |
| OL08-00-030171 | V1R6 | OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers". | |
| OL08-00-030172 | V1R6 | OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/". | |
| OL09-00-000500 | V1R1 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | |
| OL09-00-000505 | V1R1 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory. | |
| OL09-00-000510 | V1R1 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| OL09-00-000515 | V1R1 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| OL09-00-000520 | V1R1 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | |
| OL09-00-000525 | V1R1 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| OL09-00-000530 | V1R1 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| UBTU-24-200280 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| UBTU-24-200290 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| UBTU-24-200300 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| UBTU-24-200310 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| UBTU-24-200320 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | |
| UBTU-22-654130 | V1R1 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| UBTU-22-654135 | V1R1 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| UBTU-22-654140 | V1R1 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | |
| UBTU-22-654145 | V1R1 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| UBTU-22-654150 | V1R1 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| RHEL-09-654215 | V2R5 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | |
| RHEL-09-654220 | V2R5 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory. | |
| RHEL-09-654225 | V2R5 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | |
| RHEL-09-654230 | V2R5 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | |
| RHEL-09-654235 | V2R5 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | |
| RHEL-09-654240 | V2R5 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | |
| RHEL-09-654245 | V2R5 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | |
| WN10-AU-000030 | V3R1 | The system must be configured to audit Account Management - Security Group Management successes. | |
| WN10-AU-000035 | V3R1 | The system must be configured to audit Account Management - User Account Management failures. | |
| WN10-AU-000040 | V3R1 | The system must be configured to audit Account Management - User Account Management successes. | |
| WN16-AU-000120 | V2R9 | Windows Server 2016 must be configured to audit Account Management - Security Group Management successes. | |
| WN16-AU-000140 | V2R9 | Windows Server 2016 must be configured to audit Account Management - User Account Management successes. | |
| WN16-AU-000150 | V2R9 | Windows Server 2016 must be configured to audit Account Management - User Account Management failures. | |
| WN16-DC-000230 | V2R9 | Windows Server 2016 must be configured to audit Account Management - Computer Account Management successes. | |
| WN22-AU-000100 | V2R5 | Windows Server 2022 must be configured to audit Account Management - Security Group Management successes. | |
| WN22-AU-000110 | V2R5 | Windows Server 2022 must be configured to audit Account Management - User Account Management successes. | |
| WN22-AU-000120 | V2R5 | Windows Server 2022 must be configured to audit Account Management - User Account Management failures. | |
| WN22-DC-000230 | V2R5 | Windows Server 2022 must be configured to audit Account Management - Computer Account Management successes. | |