AC-2(12): Account Monitoring for Atypical Usage
Control Family:
Parent Control:
Threats Addressed:
Baselines:
- High
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- AC-2(12): Account Monitoring / Atypical Usage
Control Statement
- Monitor system accounts for [Assignment: organization-defined atypical usage]; and
- Report atypical usage of system accounts to [Assignment: organization-defined personnel or roles].
Supplemental Guidance
Atypical usage includes accessing systems at certain times of the day or from locations that are not consistent with the normal usage patterns of individuals. Monitoring for atypical usage may reveal rogue behavior by individuals or an attack in progress. Account monitoring may inadvertently create privacy risks since data collected to identify atypical usage may reveal previously unknown information about the behavior of individuals. Organizations assess and document privacy risks from monitoring accounts for atypical usage in their privacy impact assessment and make determinations that are in alignment with their privacy program plan.