AC-2 Access Control

Account Management

Medium Priority Intermediate NIST CSF

The organization manages information system accounts, including establishing, activating, modifying, disabling, and removing accounts.

Implementation Guidance

Implement automated account management processes where possible. Establish procedures for account creation, modification, and termination. Conduct regular account reviews.

Best Practices

Implement automated account provisioning, conduct quarterly account reviews, maintain account lifecycle documentation

Quick Facts

Guideline ID AC-2
Category Access Control
Subcategory Account Management
Priority Medium
Level Intermediate
Last Updated Mar 1, 2026

Need Help Implementing This Guideline?

Our certified experts can help you align NIST guidelines with your HIPAA compliance program.