AC-2(13): Disable Accounts for High-risk Individuals
Control Family:
Parent Control:
Baselines:
- Moderate
- High
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- AC-2(13): Disable Accounts For High-Risk Individuals
Control Statement
Disable accounts of individuals within [Assignment: organization-defined time period] of discovery of [Assignment: organization-defined significant risks].
Supplemental Guidance
Users who pose a significant security and/or privacy risk include individuals for whom reliable evidence indicates either the intention to use authorized access to systems to cause harm or through whom adversaries will cause harm. Such harm includes adverse impacts to organizational operations, organizational assets, individuals, other organizations, or the Nation. Close coordination among system administrators, legal staff, human resource managers, and authorizing officials is essential when disabling system accounts for high-risk individuals.