Navigate

CCI-002230

CCI-002230 Definition

Review, on an organization-defined frequency, the privileges assigned to organization-defined roles or classes of users to validate the need for such privileges.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to review the privileges assigned to all users at a minimum, annually to validate the need for such privileges. The organization must maintain an audit trail of reviews. DoD has defined the roles or classes of users as all users. DoD has defined the frequency as at a minimum, annually.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of reviews to ensure the organization being inspected/assessed reviews the privileges assigned to all users at a minimum, annually. to validate the need for such privileges. DoD has defined the roles or classes of users as all users. DoD has defined the frequency as at a minimum, annually.

Compelling Evidence

1.) Applicable STIG/SRG checks 2.) Signed and dated documentation that defines the process to review the privileges assigned to all users at a minimum, annually to validate the need for such privileges.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002230.

Control	Description
AC-6(7)	The organization: (a): Reviews [organization-defined frequency] the privileges assigned to [organization-defined roles or classes of users] to validate the need for such privileges; and (b): Reassigns or removes privileges, if necessary, to correctly reflect organizational mission/business needs.