The organization:
(a) Monitors information system accounts for [Assignment: organization-defined atypical use]; and
(b) Reports atypical usage of information system accounts to [Assignment: organization-defined personnel or roles].
a. Not appropriate for DoD to define for all CSP's infrastructure or service offerings
b. at a minimum, the ISSO
Source:
DoD RMF TAG
Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations.
AC-2 (12)(a) Guidance: Required for privileged accounts.
AC-2 (12)(b) Guidance: Required for privileged accounts.