HOME

AC-2 (2)

AC-2 (2) H M
Description

The information system automatically [Selection: removes; disables] temporary and emergency accounts after [Assignment: organization-defined time period for each type of account].

FedRAMP
  • H AC-2 (2) [Selection: disables] [Assignment: 24 hours from last use]
  • M AC-2 (2) [no more than 30 days for temporary and emergency account types]
DISA Cloud Computing SRG

For temporary user accounts: 72 hours

For emergency admin accounts: never (see supplemental recommendation)

Source:
DoD RMF TAG

Supplemental Guidance

This control enhancement requires the removal of both temporary and emergency accounts automatically after a predefined period of time has elapsed, rather than at the convenience of the systems administrator.