Navigate

CCI-002137

CCI-002137 Definition

The organization takes organization-defined actions when privileged role assignments are no longer appropriate.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to disable (or revoke) the privileged user account when privileged role assignments are no longer appropriate. The organization must maintain an audit trail of the actions taken. DoD has defined the actions as disables (or revokes) privileged user account.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of actions taken to ensure the organization being inspected/assessed disables (or revokes) the privileged user account when privileged role assignments are no longer appropriate. DoD has defined the actions as disables (or revokes) privileged user account.

Compelling Evidence

1.) Signed and dated documentation of a process for disabling/revoking privileged user accounts. 2.) Audit trail of disabling/revoking privileged user accounts.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002137.

Control	Description
AC-2 (7)	The organization: AC-2 (7)(a): Establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles; AC-2 (7)(b): Monitors privileged role assignments; and AC-2 (7)(c): Takes [Assignment: organization-defined actions] when privileged role assignments are no longer appropriate.