STIGhub
© 2026 Beacon Cloud Solutions, Inc.

AC-2 (7)

Access Control · Rev 5 · organization

Account Management

Control Statement

(a) Establish and administer privileged user accounts in accordance with [Selection: organization-defined value];
(b) Monitor privileged role or attribute assignments;
(c) Monitor changes to roles or attributes; and
(d) Revoke access when privileged role or attribute assignments are no longer appropriate.

Supplemental Guidance

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. Privileged roles include key management, account management, database administration, system and network administration, and web administration. A role-based access scheme organizes permitted system access and privileges into roles. In contrast, an attribute-based access scheme specifies allowed system access and privileges based on attributes.

CCI Identifiers (7)

CCI-001358: Establish privileged user accounts in accordance with a role-based access scheme; or an attribute-based access scheme.
CCI-001360: Monitor privileged role assignments.
CCI-002136: The organization defines the actions to be taken when privileged role assignments are no longer appropriate.
CCI-002137: Revoke access when privileged role or attribute assignments are no longer appropriate.
CCI-001359: The organization tracks privileged role assignments.
CCI-001407: Administer privileged user accounts in accordance with a role-based access scheme; or an attribute-based access scheme.
CCI-003630: Monitor changes to roles or attributes.

Linked STIG Checks (39)

Across 39 STIGs.