Skip to main content

πŸ’Ό AC-2(7) Privileged User Accounts (M)(H)

  • Contextual name: πŸ’Ό AC-2(7) Privileged User Accounts (M)(H)
  • ID: /frameworks/fedramp-high-security-controls/ac/02/07
  • Located in: πŸ’Ό AC-2 Account Management (L)(M)(H)

Description​

(a) Establish and administer privileged user accounts in accordance with [Selection: Assignment: a role-based access scheme; an attribute-based access scheme];

(b) Monitor privileged role or attribute assignments;

(c) Monitor changes to roles or attributes; and

(d) Revoke access when privileged role or attribute assignments are no longer appropriate.

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r5/ac/02/07
  • Internal
    • ID: dec-c-e144afcf

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-2(7) Account Management _ Privileged User Accounts11

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AC-2(7) Privileged User Accounts (M)(H)7

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (7)​

PolicyLogic CountFlags
πŸ“ AWS Account IAM Access Analyzer is not enabled for all regions 🟒1🟒 x6
πŸ“ AWS Account Root User credentials were used is the last 30 days πŸ”΄πŸŸ’1πŸ”΄ x1, 🟒 x6
πŸ“ AWS EC2 Instance IAM role is not attached 🟒1🟒 x6
πŸ“ AWS IAM Policy allows full administrative privileges 🟒1🟒 x6
πŸ“ AWS IAM User has inline or directly attached policies 🟒1🟠 x1, 🟒 x5
πŸ“ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-6c93750d1
βœ‰οΈ dec-x-157aa4b91
βœ‰οΈ dec-x-4157c58a1
βœ‰οΈ dec-x-9002886f1
βœ‰οΈ dec-x-ab7fc52e1
βœ‰οΈ dec-x-dc359e591