💼 AC-2 ACCOUNT MANAGEMENT

  • Contextual name: 💼 AC-2 ACCOUNT MANAGEMENT
  • ID: /frameworks/nist-sp-800-53-r4/ac/02
  • Located in: 💼 AC ACCESS CONTROL

Description

The organization:
  • AC-2a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
  • AC-2b. Assigns account managers for information system accounts;
  • AC-2c. Establishes conditions for group and role membership;
  • AC-2d. Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;
  • AC-2e. Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts;
  • AC-2f. Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions];
  • AC-2g. Monitors the use of information system accounts;
  • AC-2h. Notifies account managers:
    • AC-2h.1. When accounts are no longer required;
    • AC-2h.2. When users are terminated or transferred; and
    • AC-2h.3. When individual information system usage or need-to-know changes;
  • AC-2i. Authorizes access to the information system based on:
    • AC-2i.1. A valid access authorization;
    • AC-2i.2. Intended system usage; and
    • AC-2i.3. Other attributes as required by the organization or associated missions/business functions;
  • AC-2j. Reviews accounts for compliance with account management requirements [Assignment: organization-defined frequency]; and
  • AC-2k. Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.

Similar

  • Internal
    • ID: dec-c-30bc0636

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.CM-1: The network is monitored to detect potential cybersecurity events | 1928
💼 NIST CSF v1.1 → 💼 DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events | 2124
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes | 1922
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties | 1735
💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions | 48

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 AC-2 (1) AUTOMATED SYSTEM ACCOUNT MANAGEMENT
💼 AC-2 (2) REMOVAL OF TEMPORARY / EMERGENCY ACCOUNTS
💼 AC-2 (3) DISABLE INACTIVE ACCOUNTS
💼 AC-2 (4) AUTOMATED AUDIT ACTIONS
💼 AC-2 (5) INACTIVITY LOGOUT
💼 AC-2 (6) DYNAMIC PRIVILEGE MANAGEMENT
💼 AC-2 (7) ROLE-BASED SCHEMES | 11
💼 AC-2 (8) DYNAMIC ACCOUNT CREATION
💼 AC-2 (9) RESTRICTIONS ON USE OF SHARED / GROUP ACCOUNTS
💼 AC-2 (10) SHARED / GROUP ACCOUNT CREDENTIAL TERMINATION
💼 AC-2 (11) USAGE CONDITIONS
💼 AC-2 (12) ACCOUNT MONITORING / ATYPICAL USAGE
💼 AC-2 (13) DISABLE ACCOUNTS FOR HIGH-RISK INDIVIDUALS

Policies (1)

Policy | Logic Count | Flags
AWS IAM User has inline or directly attached policies | 🟢 1 | 🟠 x1, 🟢 x5

Internal Rules

Rule | Policies | Flags
✉️ dec-x-4157c58a | 1