AC-2.7: Privileged User Accounts

privileged user accounts are established and administered in accordance with ac-02.07_odp ;

privileged role or attribute assignments are monitored;

changes to roles or attributes are monitored;

access is revoked when privileged role or attribute assignments are no longer appropriate.

Access control policy

procedures addressing account management

system design documentation

system configuration settings and associated documentation

system-generated list of privileged user accounts and associated roles

records of actions taken when privileged role assignments are no longer appropriate

system audit records

audit tracking and monitoring reports

system monitoring records

system security plan

other relevant documents or records

Organizational personnel with account management responsibilities

system/network administrators

organizational personnel with information security responsibilities

Mechanisms implementing account management functions

mechanisms monitoring privileged role assignments