NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
AC-1
AC-2
AC-2(1)
AC-2(2)
AC-2(3)
AC-2(4)
AC-2(5)
AC-2(6)
AC-2(7)
AC-2(8)
AC-2(9)
AC-2(11)
AC-2(12)
AC-2(13)
AC-3
AC-14(1)
AC-3(2)
AC-3(3)
AC-3(4)
AC-3(5)
AC-15
AC-3(7)
AC-3(8)
AC-3(9)
AC-3(10)
AC-3(11)
AC-3(12)
AC-3(13)
AC-3(14)
AC-3(15)
AC-4
AC-4(1)
AC-4(2)
AC-4(3)
AC-4(4)
AC-4(5)
AC-4(6)
AC-4(7)
AC-4(8)
AC-4(9)
AC-4(10)
AC-4(11)
AC-4(12)
AC-4(13)
AC-4(14)
AC-4(15)
AC-17(5)
AC-4(17)
AC-17(7)
AC-4(19)
AC-4(20)
AC-4(21)
AC-4(22)
AC-4(23)
AC-4(24)
AC-4(25)
AC-4(26)
AC-4(27)
AC-4(28)
AC-4(29)
AC-4(30)
AC-4(31)
AC-4(32)
AC-5
AC-6
AC-6(1)
AC-6(2)
AC-6(3)
AC-6(4)
AC-6(5)
AC-6(6)
AC-6(7)
AC-6(8)
AC-6(9)
AC-6(10)
AC-7
AC-17(8)
AC-7(2)
AC-7(3)
AC-7(4)
AC-8
AC-9
AC-9(1)
AC-9(2)
AC-9(3)
AC-9(4)
AC-10
AC-11
AC-11(1)
AC-12
AC-12(1)
AC-12(2)
AC-12(3)
AC-13
AC-14
AC-19(1)
AC-19(2)
AC-16
AC-16(1)
AC-16(2)
AC-16(3)
AC-16(4)
AC-16(5)
AC-16(6)
AC-16(7)
AC-16(8)
AC-16(9)
AC-16(10)
AC-17
AC-17(1)
AC-17(2)
AC-17(3)
AC-17(4)
AC-17(6)
AC-18(2)
AC-19(3)
AC-2(10)
AC-3(1)
AC-17(9)
AC-17(10)
AC-18
AC-18(1)
AC-3(6)
AC-18(3)
AC-18(4)
AC-18(5)
AC-19
AC-4(16)
AC-4(18)
AC-7(1)
AC-19(4)
AC-19(5)
AC-20
AC-20(1)
AC-20(2)
AC-20(3)
AC-20(4)
AC-20(5)
AC-21
AC-21(1)
AC-21(2)
AC-22
AC-23
AC-24
AC-24(1)
AC-24(2)
AC-25

AC-2(7): Account Management | Privileged User Accounts

Control Text:

(a) Establish and administer privileged user accounts in accordance with [Selection: a role-based access scheme; an attribute-based access scheme]; (b) Monitor privileged role or attribute assignments; (c) Monitor changes to roles or attributes; and (d) Revoke access when privileged role or attribute assignments are no longer appropriate.

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. Privileged roles include key management, account management, database administration, system and network administration, and web administration. A role-based access scheme organizes permitted system access and privileges into roles. In contrast, an attribute-based access scheme specifies allowed system access and privileges based on attributes.

Related Controls

  • None