Xylok
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
CCI-002114
Definition
The organization specifies authorized users of the information system for each account.
Status
Type
CheckType.policy
Master Assessment Datasheet
Implementation Guidance
Validation Procedures
Compelling Evidence
Related Controls
The controls below (if any) were marked by NIST as being related to CCI-002114.
Control
Description
AC-2
The organization:
AC-2a.: Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
AC-2b.: Assigns account managers for information system accounts;
AC-2c.: Establishes conditions for group and role membership;
AC-2d.: Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;
AC-2e.: Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts;
AC-2f.: Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions];
AC-2g.: Monitors the use of information system accounts;
AC-2h.: Notifies account managers:
AC-2h.1.: When accounts are no longer required;
AC-2h.2.: When users are terminated or transferred; and
AC-2h.3.: When individual information system usage or need-to-know changes;
AC-2i.: Authorizes access to the information system based on:
AC-2i.1.: A valid access authorization;
AC-2i.2.: Intended system usage; and
AC-2i.3.: Other attributes as required by the organization or associated missions/business functions;
AC-2j.: Reviews accounts for compliance with account management requirements [Assignment: organization-defined frequency]; and
AC-2k.: Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.