Skip to main content

💼 AC-2(7) Privileged User Accounts (M)(H)

  • Contextual name: 💼 AC-2(7) Privileged User Accounts (M)(H)
  • ID: /frameworks/fedramp-high-security-controls/ac/02/07
  • Located in: 💼 AC-2 Account Management (L)(M)(H)

Description

(a) Establish and administer privileged user accounts in accordance with [Selection: Assignment: a role-based access scheme; an attribute-based access scheme];

(b) Monitor privileged role or attribute assignments;

(c) Monitor changes to roles or attributes; and

(d) Revoke access when privileged role or attribute assignments are no longer appropriate.

Similar

  • Sections
    • /frameworks/nist-sp-800-53-r5/ac/02/07
  • Internal
    • ID: dec-c-e144afcf

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(7) Account Management _ Privileged User Accounts11

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 FedRAMP Moderate Security Controls → 💼 AC-2(7) Privileged User Accounts (M)(H)7

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (7)

PolicyLogic CountFlags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢1🟢 x6
📝 AWS Account Root User credentials were used is the last 30 days 🟢1🟢 x6
📝 AWS EC2 Instance IAM role is not attached 🟢1🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢1🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢1🟠 x1, 🟢 x5
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢1🟢 x6

Internal Rules

RulePoliciesFlags
✉️ dec-x-6c93750d1
✉️ dec-x-157aa4b91
✉️ dec-x-4157c58a1
✉️ dec-x-9002886f1
✉️ dec-x-ab7fc52e1
✉️ dec-x-dc359e591