💼 AC-2 ACCOUNT MANAGEMENT
- ID: /frameworks/nist-sp-800-53-r4/ac/02
Description
The organization:
- AC-2a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
- AC-2b. Assigns account managers for information system accounts;
- AC-2c. Establishes conditions for group and role membership;
- AC-2d. Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;
- AC-2e. Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts;
- AC-2f. Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions];
- AC-2g. Monitors the use of information system accounts;
- AC-2h. Notifies account managers:
  - AC-2h.1. When accounts are no longer required;
  - AC-2h.2. When users are terminated or transferred; and
  - AC-2h.3. When individual information system usage or need-to-know changes;
- AC-2i. Authorizes access to the information system based on:
  - AC-2i.1. A valid access authorization;
  - AC-2i.2. Intended system usage; and
  - AC-2i.3. Other attributes as required by the organization or associated missions/business functions;
- AC-2j. Reviews accounts for compliance with account management requirements [Assignment: organization-defined frequency]; and
- AC-2k. Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.
Similar
- Internal
  - ID: dec-c-30bc0636
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 DE.CM-1: The network is monitored to detect potential cybersecurity events | | 18 | 63 | | no data |
| 💼 NIST CSF v1.1 → 💼 DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events | | 20 | 26 | | no data |
| 💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes | | 19 | 34 | | no data |
| 💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties | | 17 | 56 | | no data |
| 💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions | | 4 | 13 | | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 AC-2 (1) AUTOMATED SYSTEM ACCOUNT MANAGEMENT | | | | | no data |
| 💼 AC-2 (2) REMOVAL OF TEMPORARY / EMERGENCY ACCOUNTS | | | | | no data |
| 💼 AC-2 (3) DISABLE INACTIVE ACCOUNTS | | | | | no data |
| 💼 AC-2 (4) AUTOMATED AUDIT ACTIONS | | | | | no data |
| 💼 AC-2 (5) INACTIVITY LOGOUT | | | | | no data |
| 💼 AC-2 (6) DYNAMIC PRIVILEGE MANAGEMENT | | | | | no data |
| 💼 AC-2 (7) ROLE-BASED SCHEMES | | 2 | 2 | | no data |
| 💼 AC-2 (8) DYNAMIC ACCOUNT CREATION | | | | | no data |
| 💼 AC-2 (9) RESTRICTIONS ON USE OF SHARED / GROUP ACCOUNTS | | | | | no data |
| 💼 AC-2 (10) SHARED / GROUP ACCOUNT CREDENTIAL TERMINATION | | | | | no data |
| 💼 AC-2 (11) USAGE CONDITIONS | | | | | no data |
| 💼 AC-2 (12) ACCOUNT MONITORING / ATYPICAL USAGE | | | | | no data |
| 💼 AC-2 (13) DISABLE ACCOUNTS FOR HIGH-RISK INDIVIDUALS | | | | | no data |
Policies (4)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS IAM User has inline or directly attached policies 🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ Google BigQuery Dataset is anonymously or publicly accessible 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud Audit Logging is not configured properly 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Storage Bucket is anonymously or publicly accessible 🟢 | 1 | 🟢 x6 | no data |
Internal Rules
| Rule | Policies | Flags |
|---|---|---|
| ✉️ dec-x-4157c58a | 1 | |