Skip to content

AC-2: Account Management

An OSCAL Control

    • prerequisites and criteria

      prerequisites and criteria for group and role membership are defined;

    • personnel or roles

      personnel or roles required to approve requests to create accounts is/are defined;

    • personnel or roles

      personnel or roles to be notified is/are defined;

    • time period

      time period within which to notify account managers when accounts are no longer required is defined;

    • time period

      time period within which to notify account managers when system usage or the need to know changes for an individual is defined;

    • attributes (as required)

      attributes needed to authorize system access (as required) are defined;

    • attributes (as required)

      attributes (as required) for each account are defined;

    • policy, procedures, prerequisites, and criteria

      policy, procedures, prerequisites, and criteria for account creation, enabling, modification, disabling, and removal are defined;

    • time period

      time period within which to notify account managers when users are terminated or transferred is defined;

    • frequency

      the frequency of account review is defined;