AC-2 Access Control

Account Management

Medium Priority Intermediate NIST CSF

The organization manages information system accounts, including establishing, activating, modifying, disabling, and removing accounts.

Implementation Guidance

Implement automated account management processes where possible. Establish procedures for account creation, modification, and termination. Conduct regular account reviews.

Best Practices

Implement automated account provisioning, conduct quarterly account reviews, maintain account lifecycle documentation

Quick Facts

Guideline ID AC-2

Category Access Control

Subcategory Account Management

Priority Medium

Level Intermediate

Last Updated Mar 1, 2026

Get Expert Help Free Assessment

Related Guidelines

Explore other guidelines in the Access Control category.

AC-19(5) Medium

Enhanced AC-19 (5)

NIST AC-19(5) control implementation guidance for Enhanced AC-19 (5). This enhanced control addresses Access Control requirements and provides compreh...

AC-6(3) Medium

Enhanced AC-6 (3)

NIST AC-6(3) control implementation guidance for Enhanced AC-6 (3). This enhanced control addresses Access Control requirements and provides comprehen...

AC-6(9) Medium

Enhanced AC-6 (9)

NIST AC-6(9) control implementation guidance for Enhanced AC-6 (9). This enhanced control addresses Access Control requirements and provides comprehen...

Need Help Implementing This Guideline?

Our certified experts can help you align NIST guidelines with your HIPAA compliance program.

Contact Our Experts View All Guidelines