AC-2 Access Control

Account Management

High Risk | Moderate Difficulty | Medium Cost

The organization manages information system accounts, including establishing, activating, modifying, disabling, and removing accounts.

Implementation Guidance

Implement automated account management processes where possible. Establish procedures for account creation, modification, and termination. Conduct regular account reviews.

Best Practices

Implement automated account provisioning, conduct quarterly account reviews, and maintain account lifecycle documentation.

Quick Facts

Guideline ID: AC-2
Category: Access Control
Subcategory: Account Management
Risk Level: High
Difficulty: Moderate
Est. Cost: Medium
Timeframe: 3-6 weeks
Last Updated: May 30, 2026
