Navigate

AC-2 (7)

AC-2 (7): Role-Based Schemes

The organization:

AC-2 (7)(a): Establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles;

AC-2 (7)(b): Monitors privileged role assignments; and

AC-2 (7)(c): Takes [Assignment: organization-defined actions] when privileged role assignments are no longer appropriate.

Supplemental

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. These privileged roles include, for example, key management, account management, network and system administration, database administration, and web administration.

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-2 (7).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of AC-2 (7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-2 (7).

CCI	Definition
CCI-001358	The organization establishes privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles.
CCI-001360	The organization monitors privileged role assignments.
CCI-001407	The organization administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles.
CCI-002136	The organization defines the actions to be taken when privileged role assignments are no longer appropriate.
CCI-002137	The organization takes organization-defined actions when privileged role assignments are no longer appropriate.