
AC-2 Account Management

Control Description

a. Define and document the types of accounts allowed and specifically prohibited for use within the system;
b. Assign account managers;
c. Require organization-defined prerequisites and criteria for group and role membership;
d. Specify:
   1. Authorized users of the system;
   2. Group and role membership; and
   3. Access authorizations (i.e., privileges) and organization-defined attributes (as required) for each account;
e. Require approvals by organization-defined personnel or roles for requests to create accounts;
f. Create, enable, modify, disable, and remove accounts in accordance with organization-defined policy, procedures, prerequisites, and criteria;
g. Monitor the use of accounts;
h. Notify account managers and organization-defined personnel or roles within:
   1. An organization-defined time period when accounts are no longer required;
   2. An organization-defined time period when users are terminated or transferred; and
   3. An organization-defined time period when system usage or need-to-know changes for an individual;
i. Authorize access to the system based on:
   1. A valid access authorization;
   2. Intended system usage; and
   3. Organization-defined attributes (as required);
j. Review accounts for compliance with account management requirements at an organization-defined frequency;
k. Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and
l. Align account management processes with personnel termination and transfer processes.
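The account review required by AC-2(j) is usually automated by reconciling an account export against the HR roster and the recorded access authorizations. The script below is an added illustration, not part of this control text or of any particular product: it flags prohibited account types (a), accounts created without an approval record (e), privileges beyond what was authorized (d.3, i), accounts of terminated personnel that are still enabled past the notification window (h.2, l), and enabled accounts that have gone unused for longer than the inactivity limit (g, h.1). The account list, roster, authorizations, and the window and threshold values are constructed sample data; an organization substitutes its own organization-defined values.

```python
from datetime import date, timedelta

# Organization-defined parameters (constructed sample values, not NIST-prescribed).
ALLOWED_TYPES = {"individual", "service"}   # AC-2(a): account types permitted on the system
TERMINATION_WINDOW = timedelta(days=1)      # AC-2(h)(2): disable/notify within this period
INACTIVITY_LIMIT = timedelta(days=90)       # AC-2(h)(1): treat longer-unused accounts as no longer required
REVIEW_DATE = date(2024, 6, 1)              # date of this (constructed) review run

# Constructed account export from the target system.
ACCOUNTS = [
    {"user": "alice", "type": "individual", "enabled": True, "privileges": {"read"},
     "last_login": date(2024, 5, 30), "approved_by": "mgr-1"},
    {"user": "bob", "type": "individual", "enabled": True, "privileges": {"read", "admin"},
     "last_login": date(2024, 5, 31), "approved_by": "mgr-1"},
    {"user": "carol", "type": "individual", "enabled": True, "privileges": {"read"},
     "last_login": date(2024, 2, 1), "approved_by": "mgr-2"},
    {"user": "guest", "type": "guest", "enabled": True, "privileges": {"read"},
     "last_login": date(2024, 5, 29), "approved_by": None},
    {"user": "svc-backup", "type": "service", "enabled": True, "privileges": {"backup"},
     "last_login": date(2024, 5, 31), "approved_by": "mgr-3"},
]

# Constructed HR roster; terminated entries carry the separation date (AC-2(l)).
ROSTER = {
    "alice": {"status": "active"},
    "bob": {"status": "terminated", "date": date(2024, 5, 20)},
    "carol": {"status": "active"},
}

# Constructed access authorizations: privileges each account may hold (AC-2(d)(3)).
AUTHORIZATIONS = {
    "alice": {"read"},
    "bob": {"read"},
    "carol": {"read"},
    "svc-backup": {"backup"},
}


def review_accounts(accounts, roster, authorizations, today):
    """Return (user, finding, detail) tuples for every AC-2 discrepancy found."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if acct["type"] not in ALLOWED_TYPES:                       # AC-2(a)
            findings.append((user, "prohibited-type", acct["type"]))
        if acct["approved_by"] is None:                             # AC-2(e)
            findings.append((user, "no-approval", ""))
        if acct["type"] == "individual":                            # AC-2(h)(2), AC-2(l)
            person = roster.get(user)
            if person is None:
                findings.append((user, "orphaned", "not on HR roster"))
            elif person["status"] == "terminated" and acct["enabled"]:
                overdue = today - person["date"] > TERMINATION_WINDOW
                findings.append((user, "terminated-still-enabled",
                                 "overdue" if overdue else "within window"))
        extra = acct["privileges"] - authorizations.get(user, set())  # AC-2(d)(3), AC-2(i)
        if extra:
            findings.append((user, "unauthorized-privilege", ",".join(sorted(extra))))
        if acct["enabled"] and today - acct["last_login"] > INACTIVITY_LIMIT:  # AC-2(g), (h)(1)
            findings.append((user, "inactive", str(acct["last_login"])))
    return findings


def accounts_to_disable(findings):
    """Accounts the review recommends disabling under AC-2(f); others go to the manager for review."""
    disable_kinds = {"terminated-still-enabled", "orphaned", "prohibited-type"}
    return sorted({user for user, kind, _ in findings if kind in disable_kinds})


def run_review():
    """Run the review over the constructed sample data."""
    return review_accounts(ACCOUNTS, ROSTER, AUTHORIZATIONS, REVIEW_DATE)


if __name__ == "__main__":
    results = run_review()
    for user, kind, detail in results:
        print(f"{user:12} {kind:26} {detail}")
    print("recommend disable:", accounts_to_disable(results))
```

Findings of kind `inactive`, `no-approval` and `unauthorized-privilege` are routed to the account manager named in AC-2(b) rather than acted on automatically, since an unused-but-needed service account or a privilege granted under an authorization the export does not carry is a review decision, not a defect. Recording each run's date and output also gives the evidence that the organization-defined review frequency in AC-2(j) is being met.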

Related Controls
