An error occurred:

© 2025 Xylok, LLC

Version: features-advanced-collector-898c2c - rmfrev4

Navigate

CCI-000012

CCI-000012 Definition

Review accounts for compliance with account management requirements per organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000012.

Control

Description

The organization:

a: Identifies and selects the following types of information system accounts to support organizational missions/business functions: [one of ];

b: Assigns account managers for information system accounts;

c: Establishes conditions for group and role membership;

d: Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;

e: Requires approvals by [one of ] for requests to create information system accounts;

f: Creates, enables, modifies, disables, and removes information system accounts in accordance with [one of ];

g: Monitors the use of information system accounts;

h: Notifies account managers:
- 1: When accounts are no longer required;
- 2: When users are terminated or transferred; and
- 3: When individual information system usage or need-to-know changes;

i: Authorizes access to the information system based on:
- 1: A valid access authorization;
- 2: Intended system usage; and
- 3: Other attributes as required by the organization or associated missions/business functions;

j: Reviews accounts for compliance with account management requirements [one of ]; and

k: Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.