AC-2(7)

Privileged User Accounts

Access Control (AC)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description

Establish and administer privileged user accounts in accordance with [assignment];
Monitor privileged role or attribute assignments;
Monitor changes to roles or attributes; and
Revoke access when privileged role or attribute assignments are no longer appropriate.

Discussion

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. Privileged roles include key management, account management, database administration, system and network administration, and web administration. A role-based access scheme organizes permitted system access and privileges into roles. In contrast, an attribute-based access scheme specifies allowed system access and privileges based on attributes.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.