STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Virtual Machine Manager Security Requirements Guide

V-207439

CAT II (Medium)

The VMM must automatically audit account enabling actions.

Rule ID

SV-207439r958684_rule

STIG

Virtual Machine Manager Security Requirements Guide

Version

V2R3

CCIs

CCI-002130

Discussion

Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply enable a new or disabled account. Notification of account enabling is one method for mitigating this risk. To address access requirements, many VMMs can be integrated with enterprise-level authentication/access/auditing mechanisms that meet or exceed access control policy requirements.

Check Content

Verify the VMM automatically audits account enabling actions.

If it does not, this is a finding.

Fix Text

Configure the VMM to automatically audit account enabling actions.