AC-2 (7)

AC-2 (7) H M
Description

The organization:
(a) Establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles;
(b) Monitors privileged role assignments; and
(c) Takes [Assignment: organization-defined actions] when privileged role assignments are no longer appropriate.

FedRAMP
  • H AC-2 (7) (c) [disables/revokes access within an organization-specified timeframe]
DISA Cloud Computing SRG

c. Disables (or revokes) privileged user account

Source:
DoD RMF TAG

Supplemental Guidance

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. These privileged roles include, for example, key management, account management, network and system administration, database administration, and web administration.