Navigate

CCI-002148

CCI-002148 Definition

Defines the personnel or roles to whom atypical usage of system accounts are to be reported.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if atypical usage of system accounts is reported to [AC-02(12)_ODP[02]; personnel or roles to report atypical usage is/are defined].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing account management; system design documentation; system configuration settings and associated documentation; system monitoring records; system audit records; audit tracking and monitoring reports; privacy impact assessment; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms implementing account management functions].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002148.

Control	Description
AC-2(12)	(a): Monitor system accounts for [atypical usage for which to monitor system accounts is defined;] ; and (b): Report atypical usage of system accounts to [personnel or roles to report atypical usage is/are defined;].