AC-2(7): Role-Based Schemes
Control Family:
Parent Control:
Threats Addressed:
Baselines: (Not part of any baseline)
Next Version:
- NIST Special Publication 800-53 Revision 5: AC-2(7): Privileged User Accounts
Control Statement
The organization:
- Establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles;
- Monitors privileged role assignments; and
- Takes [Assignment: organization-defined actions] when privileged role assignments are no longer appropriate.
Supplemental Guidance
Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. These privileged roles include, for example, key management, account management, network and system administration, database administration, and web administration.