AC-2(12): Account Monitoring / Atypical Usage

Control Family:

Access Control

Parent Control:

AC-2: Account Management

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-1
PR.AC-4
PR.AC-6
DE.CM-1
DE.CM-3

Threats Addressed:

Spoofing
Repudiation
Information Disclosure
Lateral Movement

Baselines:

High

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-2(12): Account Monitoring for Atypical Usage

Control Statement

The organization:

Monitors information system accounts for [Assignment: organization-defined atypical usage]; and
Reports atypical usage of information system accounts to [Assignment: organization-defined personnel or roles].

Supplemental Guidance

Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations.

Control Statement

Supplemental Guidance

Related Controls

Critical Security Controls Version 7.1