
AC-2(7) Account Management

PBMM (P2)
Secret (P2)
Technical

Control Description

ACCOUNT MANAGEMENT | ROLE-BASED SCHEMES

(a) The organization establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles;
(b) The organization monitors privileged role assignments; and
(c) The organization takes organization-defined actions when privileged role assignments are no longer appropriate.

Supplemental Guidance

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. These privileged roles include, for example, key management, account management, network and system administration, database administration, and web administration.

Tailoring Guidance

This security control/enhancement can be met using readily available Commercial-Off-The-Shelf (COTS) components, and is considered to be best practice. Consequently, inclusion of this security control/enhancement is strongly encouraged in most cases. The minimization of administrative privileges is an account management best practice.
