AC-2—Account Management

Define and document the types of accounts allowed and specifically prohibited for use within the system;

Assign account managers;

Require conditions for group and role membership;

Specify: Attribute Name Email Address Text Employer Name Federation Id Given Name Identity Provider Id Sur Name Telephone Number Identity Provider Id Unique Subject Id Counter Terrorism Data Self Search Home Privilege Indicator Criminal History Data Self Search Home Privilege Indicator Criminal Intelligence Data Self Search Home Privilege Indicator Criminal Investigative Data Self Search Home Privilege Indicator Display Name Government Data Self Search Home Privilege Indicator Local Id NCIC Certification Indicator N-DEx Privilege Indicator PCII Certification Indicator 28 CFR Certification Indicator Employer ORI Employer Organization General Category Code Employer State Code Public Safety Officer Indicator Sworn Law Enforcement Officer Indicator Authenticator Assurance Level Federation Assurance Level Identity Assurance Level Intelligence Analyst Indicator

Require approvals by organizational personnel with account management responsibilities for requests to create accounts;

Create, enable, modify, disable, and remove accounts in accordance with agency policy;

Monitor the use of accounts;

Notify account managers and system/network administrators within: 3

Authorize access to the system based on:

Review accounts for compliance with account management requirements at least annually;

Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and

Align account management processes with personnel termination and transfer processes.