Access Control (AC)
Level N/A
Require that users log out when [Assignment: organization-defined time period of expected inactivity or description of when to log out].
Access Control (AC)
Implement [Assignment: organization-defined dynamic privilege management capabilities].
Access Control (AC)
(a) Establish and administer privileged user accounts in accordance with [Selection: a role-based access scheme; an attribute-based access scheme]; (b) Monitor privileged role or attribute assignments; (c) Monitor changes to roles or attributes; and (d) Revoke access when privileged role or attribute assignments are no longer appropriate.
Access Control (AC)
Create, activate, manage, and deactivate [Assignment: organization-defined system accounts] dynamically.
Access Control (AC)
Only permit the use of shared and group accounts that meet [Assignment: organization-defined conditions for establishing shared and group accounts].
Access Control (AC)
[Withdrawn: Incorporated into AC-2 and AU-6.]
Access Control (AC)
Level N/A
Enforce [Assignment: organization-defined circumstances and/or usage conditions] for [Assignment: organization-defined system accounts].
Access Control (AC)
(a) Monitor system accounts for [Assignment: organization-defined atypical usage]; and (b) Report atypical usage of system accounts to [Assignment: organization-defined personnel or roles].
Access Control (AC)
Disable accounts of individuals within [Assignment: organization-defined time period] of discovery of [Assignment: organization-defined significant risks].
Access Control (AC)
Level N/A
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
