AC-2 Access Control

Account Management

Medium Priority Intermediate Level NIST CSF

The organization manages information system accounts, including establishing, activating, modifying, disabling, and removing accounts.

Implementation Guidance

Implement automated account management processes where possible. Establish procedures for account creation, modification, and termination. Conduct regular account reviews.

Best Practices

Implement automated account provisioning, conduct quarterly account reviews, maintain account lifecycle documentation

Testing Procedures

Test account creation and modification processes, verify account review procedures, check for orphaned accounts

Related Guidelines

AC-1, AC-3, AC-4, AC-5, AC-6

Quick Facts

Guideline ID: AC-2
Category: Access Control
Subcategory: Account Management
Priority: Medium
Level: Intermediate
Views: 30
Last Updated: Nov 22, 2025

Actions

Get Expert Help Free Assessment

Additional Resources

NIST SP 800-53 Rev. 5, NIST SP 800-63 Digital Identity Guidelines, HIPAA Security Rule

Related Guidelines

AC-4(22) Medium

Enhanced AC-4 (22)

NIST AC-4(22) control implementation guidance for Enhanced AC-4 (22). This enhanced control addresses Access Control req...

AC-22 Medium

Publicly Accessible Content

NIST AC-22 control implementation guidance for Publicly Accessible Content. This control addresses Access Control requir...

AC-7(3) Medium

Enhanced AC-7 (3)

NIST AC-7(3) control implementation guidance for Enhanced AC-7 (3). This enhanced control addresses Access Control requi...