💼 AC-2(3) Disable Accounts (M)(H)
- Contextual name: 💼 AC-2(3) Disable Accounts (M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/ac/02/03 - Located in: 💼 AC-2 Account Management (L)(M)(H)
Description
Disable accounts within [FedRAMP Assignment: twenty-four (24) hours for user accounts] when the accounts:
(a) Have expired;
(b) Are no longer associated with a user or individual;
(c) Are in violation of organizational policy; or
(d) Have been inactive for [FedRAMP Assignment: ninety (90) days (See additional requirements and guidance.)].
AC-2 (3) Additional FedRAMP Requirements and Guidance:
Guidance: For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/
Requirement: The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available.
(d) Requirement: The service provider defines the time period of inactivity for device identifiers.
Similar
- Sections
/frameworks/fedramp-high-security-controls/ac/02/03
- Internal
- ID:
dec-c-d2ce49f8
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 AC-2(3) Disable Accounts (M)(H) | 4 |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|