AC-2: Account Management

prerequisites and criteria for group and role membership are defined;

attributes (as required) for each account are defined;

personnel or roles required to approve requests to create accounts is/are defined;

policy, procedures, prerequisites, and criteria for account creation, enabling, modification, disabling, and removal are defined;

personnel or roles to be notified is/are defined;

time period within which to notify account managers when accounts are no longer required is defined;

time period within which to notify account managers when users are terminated or transferred is defined;

time period within which to notify account managers when system usage or the need to know changes for an individual is defined;

attributes needed to authorize system access (as required) are defined;

the frequency of account review is defined;