💼 AC-2(7) Privileged User Accounts (M)(H)

Contextual name: 💼 AC-2(7) Privileged User Accounts (M)(H)
ID: /frameworks/fedramp-moderate-security-controls/ac/02/07
Located in: 💼 AC-2 Account Management (L)(M)(H)

Description

(a) Establish and administer privileged user accounts in accordance with [Selection: Assignment: a role-based access scheme; an attribute-based access scheme];

(b) Monitor privileged role or attribute assignments;

(d) Revoke access when privileged role or attribute assignments are no longer appropriate.

Similar

Sections
- /frameworks/fedramp-high-security-controls/ac/02/07
Internal
- ID: dec-c-e144afcf

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 AC-2(7) Privileged User Accounts (M)(H)		6	7

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (7)

Policy	Logic Count	Flags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢	1	🟢 x6
📝 AWS Account Root User credentials were used is the last 30 days 🟢	1	🟢 x6
📝 AWS EC2 Instance IAM role is not attached 🟢	1	🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢	1	🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢	1	🟢 x6

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (7)​

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (7)