AC-2(8): Dynamic Account Management

Control Family:

Access Control

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Previous Version:

Control Statement

Create, activate, manage, and deactivate [Assignment: organization-defined system accounts] dynamically.

Supplemental Guidance

Approaches for dynamically creating, activating, managing, and deactivating system accounts rely on automatically provisioning the accounts at runtime for entities that were previously unknown. Organizations plan for the dynamic management, creation, activation, and deactivation of system accounts by establishing trust relationships, business rules, and mechanisms with appropriate authorities to validate related authorizations and privileges.