AC-2(7): Role-based Schemes
The organization:
- (a): Establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles;
- (b): Monitors privileged role assignments; and
- (c): Takes [organization-defined actions] when privileged role assignments are no longer appropriate.
Supplemental
Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. These privileged roles include, for example, key management, account management, network and system administration, database administration, and web administration.

CIA Levels | |
---|---|
Confidentiality | high |
Integrity | high |
Availability | unknown |

Overlays |
---|
None |

CSF Categories |
---|
None |