Navigate

AC-2 (8)

AC-2 (8): Dynamic Account Creation

The information system creates [Assignment: organization-defined information system accounts] dynamically.

Supplemental

Dynamic approaches for creating information system accounts (e.g., as implemented within service-oriented architectures) rely on establishing accounts (identities) at run time for entities that were previously unknown. Organizations plan for dynamic creation of information system accounts by establishing trust relationships and mechanisms with the appropriate authorities to validate related authorizations and privileges.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-2 (8).

Control	Description
AC-16	The organization: AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; AC-16b.: Ensures that the security attribute associations are made and retained with the information; AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.

Control

Description

AC-16

The organization:

AC-16a.: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission;

AC-16b.: Ensures that the security attribute associations are made and retained with the information;

AC-16c.: Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and

AC-16d.: Determines the permitted [Assignment: organization-defined values or ranges] for each of the established security attributes.

Enhancements

The controls below (if any) add on to the requirements of AC-2 (8).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-2 (8).

CCI	Definition
CCI-002138	The organization defines the information system accounts that can be dynamically created.
CCI-002139	The information system creates organization-defined information system accounts dynamically.