CCI-002227
CCI-002227 Definition
The organization restricts privileged accounts on the information system to organization-defined personnel or roles.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed implements a process to only provide privileged accounts on the information system to personnel or roles defined in AC-6 (5), CCI 2226.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines a sampling of information system access authorizations to ensure the organization being inspected/assessed implements a process to only provide privileged accounts on the information system to personnel or roles defined in AC-6 (5), CCI 2226.
Compelling Evidence
1.) Signed and dated access control policy
2.) Signed and dated system security plan (SSP)
3.) Copy of privileged user agreement
4.) Applicable STIG/SRG checks