AC-2
Account Management
Account Management
Progress Bar
Progress Bar
Progress Bar
The organization:
Identifies and selects the following types of information system accounts to support organizational missions/business functions:
Assignment: organization-defined information system account types
AC-2a Parameter Requirement: individual, group, system, application, guest/anonymous, and temporary
- Assigns account managers for information system accounts;
- Establishes conditions for group and role membership;
- Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;
- Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts;
AC-2e Parameter Requirement: GSA S/SO or Contractor recommendation to be approved and accepted by the GSA AO
* Creates, enables, modifies, disables, and removes information system accounts in accordance with
Assignment: organization-defined procedures or conditions
AC-2f Parameter Requirement: GSA S/SO or Contractor recommendation to be approved and accepted by the GSA AO
- Monitors the use of information system accounts
- Notifies account managers
- When accounts are no longer required;
- When users are terminated or transferred; and
- When individual information system usage or need-to-know changes;
- Authorizes access to the information system based on:
- A valid access authorization;
- Intended system usage; and
- Other attributes as required by the organization or associated missions/business functions;
- Reviews accounts for compliance with account management requirements
Assignment: organization-defined frequency
AC-2j Parameter Requirement: at least annually
* Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.
Document VPC, Monitoring
Application
Application